Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:30 p.m.12 views

CVE-2023-40037

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...

6.5CVSS6.6AI score0.01536EPSS
Exploits0References1
Circl
Circl
added 2023/08/19 2:38 a.m.8 views

CVE-2023-40037

creationtimestamp| type| source ---|---|--- 2023-08-19 02:38:35+00:00| seen| https://t.me/cibsecurity/68850 2023-11-23 22:57:00+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5931 2024-08-16 08:52:58+00:00| published-proof-of-concept| https://t.me/Rootsec2/2107 2024-10-28...

6.5CVSS6.3AI score0.01536EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2023/08/19 12:30 a.m.3 views

org.apache.nifi:nifi-jms-processors-nar (>=1.21.0 <=1.23.0) potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-jms-processors (>=1.21.0 <=1.23.0)

org.apache.nifi:nifi-jms-processors MAVEN version =1.21.0, =1.21.0, =1.23.0 Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...

6.5CVSS6.5AI score0.01536EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/08/19 12:30 a.m.4 views

com.hcl.commerce:commerce-search-processors (>=9.1.14.0 <=9.1.15.0), org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.23.0) +153 more potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-dbcp-service-api (>=1.21.0 <=1.23.0)

org.apache.nifi:nifi-dbcp-service-api MAVEN version =1.21.0, =9.1.14.0, =1.22.0, =1.22.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.23.0 and more Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...

6.5CVSS6.5AI score0.01536EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/08/19 12:30 a.m.13 views

org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.23.0), org.apache.nifi:nifi-dbcp-service (>=1.21.0 <=1.23.0) +4 more potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-dbcp-base (>=1.21.0 <=1.23.0)

org.apache.nifi:nifi-dbcp-base MAVEN version =1.21.0, =1.22.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.23.0 Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...

6.5CVSS6.5AI score0.01536EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/08/18 9:54 p.m.15 views

CVE-2023-40037 Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...

6.3AI score0.01536EPSS
Exploits0References3
CVE
CVE
added 2023/08/18 9:54 p.m.255 views

CVE-2023-40037

CVE-2023-40037 affects Apache NiFi versions 1.21.0 through 1.23.0, where JDBC/JNDI JMS access in several Processors and Controller Services uses connection URL validation that is insufficient against crafted inputs. An authenticated, authorized user can bypass validation by formatting inputs clev...

6.5CVSS6.3AI score0.01536EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder