Lucene search

[email protected]CVE-2023-23562

HistoryMay 31, 2023 - 1:15 a.m.

CVE-2023-23562

2023-05-3101:15:43

[email protected]

web.nvd.nist.gov

stormshield

endpoint security

access control

authentication

global parameters

vulnerability

cve-2023-23562

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters.

Affected configurations

NVD

Node

stormshieldendpoint_securityRange2.3.0–2.4.1

CPENameOperatorVersion
stormshield:endpoint_securitystormshield endpoint securitylt2.4.1

CPE	Name	Operator	Version
stormshield:endpoint_security	stormshield endpoint security	lt	2.4.1

References

advisories.stormshield.eu

advisories.stormshield.eu/2023-002/

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

Related for CVE-2023-23562

prion1 nvd1 cvelist1