Lucene search

[email protected]CVE-2023-24468

HistoryMar 15, 2023 - 11:15 p.m.

CVE-2023-24468

2023-03-1523:15:09

[email protected]

web.nvd.nist.gov

cve

2023

24468

broken access control

advanced authentication

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2

Affected configurations

NVD

Node

netiqadvanced_authenticationRange6.3.0.0–6.3.7.2

netiqadvanced_authenticationRange6.4.0.0–6.4.1.1

CPENameOperatorVersion
netiq:advanced_authenticationnetiq advanced authenticationlt6.3.7.2
netiq:advanced_authenticationnetiq advanced authenticationlt6.4.1.1

CPE	Name	Operator	Version
netiq:advanced_authentication	netiq advanced authentication	lt	6.3.7.2
netiq:advanced_authentication	netiq advanced authentication	lt	6.4.1.1

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "NetIQ Advanced Authentication",
    "versions": [
      {
        "version": "versions prior to 6.4.1.1 and 6.3.7.2",
        "status": "affected"
      }
    ]
  }
]

References

www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6372/data/advanced-authentication-releasenotes-6372.html

www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-6411/data/advanced-authentication-releasenotes-6411.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

Related for CVE-2023-24468

cvelist1 prion1 nvd1