Vulnerability Details : CVE-2023-32271
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
Vulnerability category: Information leak
Products affected by CVE-2023-32271
- cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32271
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 33 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-32271
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
Talos |
CWE ids for CVE-2023-32271
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: talos-cna@cisco.com (Primary)
References for CVE-2023-32271
-
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774
TALOS-2023-1774 || Cisco Talos Intelligence Group - Comprehensive Threat IntelligenceExploit;Technical Description;Third Party Advisory
-
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774
TALOS-2023-1774 || Cisco Talos Intelligence Group - Comprehensive Threat IntelligenceExploit;Technical Description;Third Party Advisory
Jump to