Lucene search

[email protected]NVD:CVE-2023-4094

HistorySep 19, 2023 - 2:15 p.m.

CVE-2023-4094

2023-09-1914:15:22

CWE-1390

CWE-287

[email protected]

web.nvd.nist.gov

arconte aurea

authentication

vulnerability

version 1.5.0.0

denial of service

attempt limit

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

34.3%

JSON

ARCONTE Aurea’s authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form.

Affected configurations

Nvd

Node

fujitsuarconte_aureaMatch1.5.0.0

VendorProductVersionCPE
fujitsuarconte_aurea1.5.0.0cpe:2.3:a:fujitsu:arconte_aurea:1.5.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fujitsu	arconte_aurea	1.5.0.0	cpe:2.3:a:fujitsu:arconte_aurea:1.5.0.0:::::::*

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

34.3%

JSON

Related for NVD:CVE-2023-4094

vulnrichment1 prion1 cvelist1 cve1