Lucene search
GoogleOSV:CVE-2023-3289HistoryJul 09, 2024 - 11:15 a.m.
CVE-2023-3289
2024-07-0911:15:12
Google
osv.dev
2
bola vulnerability
post services
low privileged user
unauthorized data manipulation
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
AI Score
6.5
Confidence
Low
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation.
Related
veracode
veracode
Authorization Bypass
2024-07-12 04:22:57
vulnrichment
vulnrichment
cvelist
cvelist
nvd
nvd
CVE-2023-3289
2024-07-09 11:15:12
cve
cve
CVE-2023-3289
2024-07-09 11:15:12
paloalto
paloalto
PAN-OS: OS Command Injection Vulnerability in the Web Interface
2023-12-13 17:00:00
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
AI Score
6.5
Confidence
Low
Related for OSV:CVE-2023-3289