Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-38551
HistoryMay 31, 2024 - 6:15 p.m.

CVE-2023-38551

2024-05-3118:15:09
[email protected]
web.nvd.nist.gov
1
nvd
cve-2023-38551
ivanti connect secure
crlf injection
authenticated
cross-site scripting

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.

Related

cve 1
cvelist 1
nessus 2
vulnrichment 1
thn 1
cve
cve
CVE-2023-38551
2024-05-31 18:15:09
cvelist
cvelist
CVE-2023-38551
2024-05-31 17:38:31
nessus
nessus
Ivanti Policy Secure 22.x XSS Vulnerability
2024-05-24 00:00:00
Ivanti Connect Secure 9.x / 22.x XSS Vulnerability
2024-05-24 00:00:00
vulnrichment
vulnrichment
CVE-2023-38551
2024-05-31 17:38:31
thn
thn
Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager
2024-05-23 09:21:00

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for NVD:CVE-2023-38551
cve1cvelist1nessus2vulnrichment1thn1