Lucene search
Veracode Vulnerability DatabaseVERACODE:43822HistoryOct 13, 2023 - 12:52 p.m.
Improper Authorization
2023-10-1312:52:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
vulnerable software
improper validation
unauthorized actions
integer names
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
21.1%
vantage6_server is vulnerable to Improper Authorization. The vulnerability exists due to improper validations which allows an attacker to perform unauthorized actions by creating resources with integers as names.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vantage6-server | le | 3.11.1 | |
| vantage6-server | le | 3.11.1 |
Related
github
github
Defining resource name as integer may give unintended access in vantage6
2023-10-13 19:30:40
osv
osv
Defining resource name as integer may give unintended access in vantage6
2023-10-13 19:30:40
CVE-2023-28635
2023-10-11 20:15:09
PYSEC-2023-198
2023-10-11 20:15:00
cvelist
cvelist
prion
prion
Design/Logic Flaw
2023-10-11 20:15:00
nvd
nvd
CVE-2023-28635
2023-10-11 20:15:09
cve
cve
CVE-2023-28635
2023-10-11 20:15:09
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
21.1%
Related for VERACODE:43822