CVE-2023-4400

A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1 allows some authentication information stored in configuration files to be extracted through the SWG REST API. This was possible because SWG stored the password in plain text in some configuration files.

Configurations

Configuration 1

OR cpe:2.3:a:skyhighsecurity:secure_web_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:skyhighsecurity:secure_web_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:skyhighsecurity:secure_web_gateway:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:35

Type Values Removed Values Added
References
  Values Removed: () https://kcm.trellix.com/corporate/index?page=content&id=SB10406 - Broken Link
  Values Added: () https://kcm.trellix.com/corporate/index?page=content&id=SB10406 - Broken Link
CVSS
  Values Removed: v2 : unknown, v3 : 6.5
  Values Added: v2 : unknown, v3 : 6.2

15 Sep 2023, 19:21

Type Values Removed Values Added
First Time
  Skyhighsecurity
  Skyhighsecurity secure Web Gateway
References
  • (MISC) https://github.com/advisories/GHSA-qggp-c2rq-6x65 - Third Party Advisory
References
  Values Removed: (MISC) https://kcm.trellix.com/corporate/index?page=content&id=SB10406 -
  Values Added: (MISC) https://kcm.trellix.com/corporate/index?page=content&id=SB10406 - Broken Link
CPE
  cpe:2.3:a:skyhighsecurity:secure_web_gateway:*:*:*:*:*:*:*:*
CVSS
  Values Removed: v2 : unknown, v3 : unknown
  Values Added: v2 : unknown, v3 : 6.5
CWE
  CWE-312

13 Sep 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-13 07:15

Updated : 2024-11-21 08:35


NVD link : CVE-2023-4400

Mitre link : CVE-2023-4400

CVE.ORG link : CVE-2023-4400



Products Affected

skyhighsecurity

  • secure_web_gateway

CWE

CWE-256

Plaintext Storage of a Password

CWE-312

Cleartext Storage of Sensitive Information