8.1
CVE-2023-28656
- EPSS 0.2%
- Published 03.05.2023 15:15:12
- Last modified 19.05.2025 14:45:09
- Source f5sirt@f5.com
NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Data provided by the National Vulnerability Database (NVD)
Netapp ≫ Cloud Backup Version-
Netapp ≫ Ontap Select Deploy Version-
F5 ≫ Nginx Api Connectivity Manager Version >= 1.0.0 < 1.5.0
F5 ≫ Nginx Instance Manager Version >= 2.0.0 < 2.9.0
F5 ≫ Nginx Security Monitoring Version >= 1.0.0 < 1.3.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.426 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| f5sirt@f5.com | 8.1 | 2.8 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.