CVE-2023-7240 : An improper authorization level has been detected in the login panel. It may l

An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggering connection to arbitrary address.

Published 2024-05-07 13:15:48

Updated 2024-05-07 13:39:33

Source OpenText

View at NVD, CVE.org

Vulnerability category: Server-side request forgery (SSRF) Input validation

Products affected by CVE-2023-7240

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-7240

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 9 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-7240

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N	3.9	1.4	OpenText	2024-05-07
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2023-7240

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: security@opentext.com (Secondary)

References for CVE-2023-7240

https://www.netiq.com/documentation/identity-console/identity_console1720000_releasenotes/data/identity_console1720000_releasenotes.html

NetIQ Identity Console 1.7 Service Pack 2 Release Notes

Jump to

Vulnerability Details : CVE-2023-7240

Products affected by CVE-2023-7240

Exploit prediction scoring system (EPSS) score for CVE-2023-7240

CVSS scores for CVE-2023-7240

CWE ids for CVE-2023-7240

References for CVE-2023-7240