CVE-2023-5913

Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://portal.microfocus.com/s/article/KM000023500?language=en_US	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microfocus:fortify_scancentral_dast:21.1:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2.1:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1.1:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:22.2:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:23.1:::::::*

History

16 Nov 2023, 17:00

Type	Values Removed	Values Added
CPE		cpe:2.3:a:microfocus:fortify_scancentral_dast:22.2:::::::* cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2.1:::::::* cpe:2.3:a:microfocus:fortify_scancentral_dast:23.1:::::::* cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1.1:::::::* cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2:::::::* cpe:2.3:a:microfocus:fortify_scancentral_dast:21.1:::::::* cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1:::::::*
First Time		Microfocus fortify Scancentral Dast Microfocus
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://portal.microfocus.com/s/article/KM000023500?language=en_US -~~	() https://portal.microfocus.com/s/article/KM000023500?language=en_US - Vendor Advisory

08 Nov 2023, 17:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-08 17:15

Updated : 2024-09-04 14:35

NVD link : CVE-2023-5913

Mitre link : CVE-2023-5913

CVE.ORG link : CVE-2023-5913

JSON object : View

Products Affected

microfocus

fortify_scancentral_dast

CWE

NVD-CWE-noinfo CWE-266

Incorrect Privilege Assignment

{"id": "CVE-2023-5913", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@opentext.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2023-11-08T17:15:08.193", "references": [{"url": "https://portal.microfocus.com/s/article/KM000023500?language=en_US", "tags": ["Vendor Advisory"], "source": "security@opentext.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-266"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-266"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The\u00a0vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de asignaci\u00f3n de privilegios incorrecta en texto abierto Fortify ScanCentral DAST. La vulnerabilidad podr\u00eda aprovecharse para obtener privilegios elevados. Este problema afecta a Fortify ScanCentral DAST versiones 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1."}], "lastModified": "2024-09-04T14:35:08.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:21.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5578907C-9142-461B-88F3-D4510D57E23A"}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDE09FF8-AFDD-4F5E-AF44-FFE8854F5763"}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EF4C5A3-E698-469A-A8AB-223AC6013B1C"}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0926D3A0-76B2-435C-B691-58B51EDF81B7"}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "956F2EB1-BF27-4F42-A325-E9F91EF60E5D"}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:22.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DA67A67-DC1E-4FC0-8A9B-8A2192E939BB"}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:23.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BFD11CE-87C4-40A2-A6EA-80CF1D465F4B"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}