CVE-2023-4400

A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was possible due to SWG storing the password in plain text in some configuration files.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:skyhighsecurity:secure_web_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:skyhighsecurity:secure_web_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:skyhighsecurity:secure_web_gateway:*:*:*:*:*:*:*:*

History

15 Sep 2023, 19:21

Type Values Removed Values Added
CWE CWE-312
First Time Skyhighsecurity
Skyhighsecurity secure Web Gateway
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:skyhighsecurity:secure_web_gateway:*:*:*:*:*:*:*:*
References
  • (MISC) https://github.com/advisories/GHSA-qggp-c2rq-6x65 - Third Party Advisory
References (MISC) https://kcm.trellix.com/corporate/index?page=content&id=SB10406 - (MISC) https://kcm.trellix.com/corporate/index?page=content&id=SB10406 - Broken Link

13 Sep 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-13 07:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-4400

Mitre link : CVE-2023-4400

CVE.ORG link : CVE-2023-4400


JSON object : View

Products Affected

skyhighsecurity

  • secure_web_gateway
CWE
CWE-312

Cleartext Storage of Sensitive Information

CWE-256

Plaintext Storage of a Password