CVE-2023-37498

Опубликовано: 03 авг. 2023

Источник: nvd

CVSS3: 8.1

CVSS3: 8.8

EPSS Низкий

Описание

A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges.

Ссылки

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106545
Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106545
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:*

Версия до 12.1.1 (исключая)

EPSS

Процентиль: 51%

0.00277

Низкий

8.1 High

CVSS3

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-c6qm-7rqc-8v77

CVSS3: 8.1

github

больше 2 лет назад

A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges.

EPSS

Процентиль: 51%

0.00277

Низкий

8.1 High

CVSS3

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo