6.5
CVE-2023-22897
- EPSS 88.76%
- Veröffentlicht 12.04.2023 23:15:07
- Zuletzt bearbeitet 10.02.2025 16:15:32
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Securepoint ≫ Unified Threat Management Version >= 12.2.3.1 < 12.2.5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 88.76% | 0.995 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.