CVE-2023-4843

{"id": "CVE-2023-4843", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@pega.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2023-09-08T17:15:30.570", "references": [{"url": "https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-d23-vulnerability-remediation-note?", "tags": ["Vendor Advisory"], "source": "security@pega.com"}, {"url": "https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-d23-vulnerability-remediation-note?", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@pega.com", "description": [{"lang": "en", "value": "CWE-74"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user."}, {"lang": "es", "value": "Las versiones 7.1 a 8.8.3 de Pega Platform se ven afectadas por un problema de Inyecci\u00f3n HTML con un campo de nombre utilizado en Visual Business Director, sin embargo, este campo solo puede ser modificado por un usuario administrativo autenticado."}], "lastModified": "2024-11-21T08:36:05.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pega:pega_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "710BB881-CF11-4498-AB0E-54E3B4944C2E", "versionEndIncluding": "8.8.3", "versionStartIncluding": "7.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@pega.com"}