Lucene search

[email protected]NVD:CVE-2023-4837

HistoryOct 10, 2023 - 10:15 a.m.

CVE-2023-4837

2023-10-1010:15:10

CWE-352

[email protected]

web.nvd.nist.gov

smodbip

cross-site request forgery

unintended actions

administrative privileges

vulnerability

not maintained

cve-2023-4837

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.2%

JSON

SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative privileges.
This issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the vulnerability will not be fixed.

Affected configurations

Nvd

Node

smodsmodbip

VendorProductVersionCPE
smodsmodbip*cpe:2.3:a:smod:smodbip:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
smod	smodbip	*	cpe:2.3:a:smod:smodbip::::::::

References

cert.pl/en/posts/2023/10/CVE-2023-4837/

cert.pl/posts/2023/10/CVE-2023-4837/

smod.pl/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.2%

JSON

Related for NVD:CVE-2023-4837

cve1 cvelist1 vulnrichment1 prion1