CVE-2023-24015

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.
References
Link Resource
https://security.nozominetworks.com/NN-2023:6-01 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*

History

20 Sep 2024, 12:15

Type Values Removed Values Added
CWE CWE-20 CWE-1286

28 May 2024, 13:15

Type Values Removed Values Added
Summary (en) A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading. (en) A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.

16 Aug 2023, 16:45

Type Values Removed Values Added
First Time Nozominetworks cmc
Nozominetworks guardian
Nozominetworks
References (MISC) https://security.nozominetworks.com/NN-2023:6-01 - (MISC) https://security.nozominetworks.com/NN-2023:6-01 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*

09 Aug 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-09 10:15

Updated : 2024-09-20 12:15


NVD link : CVE-2023-24015

Mitre link : CVE-2023-24015

CVE.ORG link : CVE-2023-24015


JSON object : View

Products Affected

nozominetworks

  • guardian
  • cmc
CWE
NVD-CWE-noinfo CWE-1286

Improper Validation of Syntactic Correctness of Input