CVE-2023-39446

Опубликовано: 18 сент. 2023

Источник: nvd

CVSS3: 8.9

CVSS3: 8.8

EPSS Низкий

Описание

Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03
Third Party Advisory
US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*

cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.00067

Низкий

8.9 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-jrp5-w8q4-6m33

CVSS3: 8.9

github

больше 2 лет назад

** UNSUPPPORTED WHEN ASSIGNED ** Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application.

BDU:2023-05923

CVSS3: 8.9

fstec

больше 2 лет назад

Уязвимость веб-приложения управления модульного источника бесперебойного питания MODULYS GP (MOD3GP-SY-120K), позволяющая нарушителю выполнить произвольные действия

EPSS

Процентиль: 21%

0.00067

Низкий

8.9 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352