CVE-2023-24015

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:47

Type Values Removed Values Added
References () https://security.nozominetworks.com/NN-2023:6-01 - Vendor Advisory () https://security.nozominetworks.com/NN-2023:6-01 - Vendor Advisory

20 Sep 2024, 12:15

Type Values Removed Values Added
CWE CWE-20 CWE-1286

28 May 2024, 13:15

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad de denegación de servicio parcial en la sección Informes, que puede ser explotada por un usuario malicioso ya autenticado que fuerce a guardar un informe con el nombre nulo. La sección de informes estará parcialmente no disponible para todos los intentos posteriores de utilizarla, con la lista de informes aparentemente atascada en la carga.
Summary (en) A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading. (en) A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.

Information

Published : 2023-08-09 10:15

Updated : 2024-11-21 07:47


NVD link : CVE-2023-24015

Mitre link : CVE-2023-24015

CVE.ORG link : CVE-2023-24015


JSON object : View

Products Affected

nozominetworks

  • guardian
  • cmc
CWE
CWE-1286

Improper Validation of Syntactic Correctness of Input

NVD-CWE-noinfo