CVE-2023-6916 : Audit records for OpenAPI requests may include sensitive information. This co

Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation.

Published 2024-04-10 15:50:58

Updated 2024-09-20 12:15:05

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2023-6916

Please log in to view affected product information.

EPSS FAQ

0.19%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 42 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	Nozomi Networks Inc.	2024-04-10
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.5	HIGH	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/V...	N/A	N/A	Nozomi Networks Inc.	2024-09-20
Attack Vector: Network Attack Complexity: Low Attack Requirements: Present Privileges Required: High User Interaction: None Confidentiality (VC): High Integrity (VI): High Availability (VA): High

CWE-201 Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Assigned by: prodsec@nozominetworks.com (Secondary)
CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Assigned by: prodsec@nozominetworks.com (Secondary)

https://security.nozominetworks.com/NN-2023:17-01

NN-2023:17-01 - Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 - CVE-2023-6916 | Product Security Incident Response Portal

Jump to