Lucene search

INCDCVELIST:CVE-2023-39376

HistorySep 26, 2023 - 9:19 a.m.

CVE-2023-39376 SiberianCMS - CWE-284: Improper Access Control Authorized user may disable a security feature over the network

2023-09-2609:19:55

CWE-284

INCD

www.cve.org

siberiancms

cwe-284

improper access control

authorized user

security feature

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.0005 Low

EPSS

Percentile

16.2%

JSON

SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SiberianCMS",
    "vendor": "SiberianCMS",
    "versions": [
      {
        "lessThanOrEqual": "upgrade to version 4.20.44 or 5.0.4",
        "status": "affected",
        "version": "versions 4.*, 5.*",
        "versionType": "custom"
      }
    ]
  }
]

References

www.gov.il/en/Departments/faq/cve_advisories

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for CVELIST:CVE-2023-39376