exploitDog

CVE-2023-38751

Опубликовано: 09 авг. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation.

Ссылки

https://jvn.jp/en/jp/JVN83334799/
Third Party Advisory
https://www.jpcert.or.jp/press/2023/PR20230807_notice.html
Third Party Advisory
https://jvn.jp/en/jp/JVN83334799/
Third Party Advisory
https://www.jpcert.or.jp/press/2023/PR20230807_notice.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jpcert:special_interest_group_network_for_analysis_and_liaison:*:*:*:*:*:*:*:*

Версия от 4.4.0 (включая) до 4.7.7 (включая)

EPSS

Процентиль: 23%

0.00078

Низкий

4.3 Medium

CVSS3

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-6q6m-j9j3-cpq4

CVSS3: 4.3

github

больше 2 лет назад

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation.

EPSS

Процентиль: 23%

0.00078

Низкий

4.3 Medium

CVSS3

Дефекты

NVD-CWE-Other