Lucene search

K
nvd[email protected]NVD:CVE-2023-30056
HistoryMay 09, 2023 - 9:15 p.m.

CVE-2023-30056

2023-05-0921:15:11
CWE-384
web.nvd.nist.gov
1
cve-2023-30056
session takeover
fico origination manager
insufficient protection
jsessionid cookie

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.003

Percentile

70.3%

A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie.

Affected configurations

Nvd
Node
ficoorigination_manager_decisionMatch4.8.1
VendorProductVersionCPE
ficoorigination_manager_decision4.8.1cpe:2.3:a:fico:origination_manager_decision:4.8.1:*:*:*:*:*:*:*

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.003

Percentile

70.3%

Related for NVD:CVE-2023-30056