CVE-2023-28724

NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:f5:nginx_api_connectivity_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_security_monitoring:*:*:*:*:*:*:*:*

History

09 Jun 2023, 08:15

Type Values Removed Values Added
References
  • (MISC) https://security.netapp.com/advisory/ntap-20230609-0006/ -

Information

Published : 2023-05-03 15:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-28724

Mitre link : CVE-2023-28724

CVE.ORG link : CVE-2023-28724


JSON object : View

Products Affected

f5

  • nginx_security_monitoring
  • nginx_api_connectivity_manager
  • nginx_instance_manager
CWE
CWE-276

Incorrect Default Permissions