Lucene search

[email protected]NVD:CVE-2023-30056

HistoryMay 09, 2023 - 9:15 p.m.

CVE-2023-30056

2023-05-0921:15:11

CWE-384

[email protected]

web.nvd.nist.gov

cve-2023-30056

session takeover

fico origination manager

insufficient protection

jsessionid cookie

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.003 Low

EPSS

Percentile

70.4%

JSON

A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie.

Affected configurations

NVD

Node

ficoorigination_manager_decisionMatch4.8.1

References

fico.com

origination.com

packetstormsecurity.com/files/172192/FICO-Origination-Manager-Decision-Module-4.8.1-XSS-Session-Hijacking.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for NVD:CVE-2023-30056

cvelist1 prion1 cve1 packetstorm1 zdt1