CVE-2023-23903

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-23903
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention.

4.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://security.nozominetworks.com/NN-2023:7-01 Vendor Advisory
https://security.nozominetworks.com/NN-2023:7-01 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*
History

21 Nov 2024, 07:47

Type Values Removed Values Added
References () https://security.nozominetworks.com/NN-2023:7-01 - Vendor Advisory () https://security.nozominetworks.com/NN-2023:7-01 - Vendor Advisory

20 Sep 2024, 12:15

Type Values Removed Values Added
CWE CWE-20 CWE-1286

28 May 2024, 13:15

Type Values Removed Values Added
Summary
  • (es) Un administrador autenticado puede cargar un archivo de configuración SAML con el formato incorrecto, sin que la aplicación compruebe el formato correcto del archivo. Cada solicitud posterior de la aplicación devolverá un error. Toda la aplicación en inutilizable hasta una intervención de la consola.
Summary (en) An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention. (en) An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention.
Information

Published : 2023-08-09 10:15

Updated : 2024-11-21 07:47

NVD link : CVE-2023-23903

Mitre link : CVE-2023-23903

CVE.ORG link : CVE-2023-23903

JSON object : View

Products Affected

nozominetworks

  • cmc
  • guardian
CWE
CWE-1286

Improper Validation of Syntactic Correctness of Input

NVD-CWE-noinfo