exploitDog

CVE-2023-41089

Опубликовано: 19 окт. 2023

Источник: nvd

CVSS3: 8

CVSS3: 8.8

EPSS Низкий

Описание

The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-23-271-02
Third Party Advisory
US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-271-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dexma:dexgate:20130114:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00221

Низкий

8 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-287

CWE-287

Связанные уязвимости

GHSA-chwf-pr57-9wm2

CVSS3: 8

github

больше 2 лет назад

The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests.

EPSS

Процентиль: 44%

0.00221

Низкий

8 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-287

CWE-287