CVE-2023-7240

{"id": "CVE-2023-7240", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-05-07T13:15:47.973", "references": [{"url": "https://www.netiq.com/documentation/identity-console/identity_console1720000_releasenotes/data/identity_console1720000_releasenotes.html", "source": "security@opentext.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "\u00a0An improper authorization level has been detected in the login panel. It may lead to\nunauthenticated Server Side Request Forgery and allows to perform open services\nenumeration. Server makes query to provided server (Server IP/DNS field) and is\ntriggering connection to arbitrary address.\n\n"}], "lastModified": "2024-05-07T13:39:32.710", "sourceIdentifier": "security@opentext.com"}