Lucene search
HistoryMar 15, 2023 - 11:15 p.m.
CVE-2023-24468
broken access control
advanced authentication
security vulnerability
version 6.4.1.1
version 6.3.7.2
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.003
Percentile
71.9%
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
Affected configurations
Node
microfocusnetiq_advanced_authenticationRange<6.3
ORmicrofocusnetiq_advanced_authenticationMatch6.3-
ORmicrofocusnetiq_advanced_authenticationMatch6.3sp1
ORmicrofocusnetiq_advanced_authenticationMatch6.3sp2
ORmicrofocusnetiq_advanced_authenticationMatch6.3sp3
ORmicrofocusnetiq_advanced_authenticationMatch6.3sp4
ORmicrofocusnetiq_advanced_authenticationMatch6.3sp4_patch1
ORmicrofocusnetiq_advanced_authenticationMatch6.3sp5
ORmicrofocusnetiq_advanced_authenticationMatch6.3sp5_patch1
ORmicrofocusnetiq_advanced_authenticationMatch6.3sp5_patch2
ORmicrofocusnetiq_advanced_authenticationMatch6.3sp6
ORmicrofocusnetiq_advanced_authenticationMatch6.3sp6_patch1
ORmicrofocusnetiq_advanced_authenticationMatch6.3sp7
ORmicrofocusnetiq_advanced_authenticationMatch6.4-
ORmicrofocusnetiq_advanced_authenticationMatch6.4sp1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microfocus | netiq_advanced_authentication | * | cpe:2.3:a:microfocus:netiq_advanced_authentication:*:*:*:*:*:*:*:* |
| microfocus | netiq_advanced_authentication | 6.3 | cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:-:*:*:*:*:*:* |
| microfocus | netiq_advanced_authentication | 6.3 | cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp1:*:*:*:*:*:* |
| microfocus | netiq_advanced_authentication | 6.3 | cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp2:*:*:*:*:*:* |
| microfocus | netiq_advanced_authentication | 6.3 | cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp3:*:*:*:*:*:* |
| microfocus | netiq_advanced_authentication | 6.3 | cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4:*:*:*:*:*:* |
| microfocus | netiq_advanced_authentication | 6.3 | cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp4_patch1:*:*:*:*:*:* |
| microfocus | netiq_advanced_authentication | 6.3 | cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5:*:*:*:*:*:* |
| microfocus | netiq_advanced_authentication | 6.3 | cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5_patch1:*:*:*:*:*:* |
| microfocus | netiq_advanced_authentication | 6.3 | cpe:2.3:a:microfocus:netiq_advanced_authentication:6.3:sp5_patch2:*:*:*:*:*:* |
References
Related
prion
prion
Improper access control
2023-03-15 23:15:00
cvelist
cvelist
CVE-2023-24468
2023-03-15 00:00:00
cve
cve
CVE-2023-24468
2023-03-15 23:15:09
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.003
Percentile
71.9%
Related for NVD:CVE-2023-24468