CVE-2023-39446 Vulnerability Details


CVE-2023-39446 Metadata Quick Info

CVE Published: 18/09/2023 | CVE Updated: 24/09/2024 | CVE Year: 2023
Source: icscert | Vendor: Socomec | Product: MODULYS GP (MOD3GP-SY-120K)
Status: PUBLISHED

CVE-2023-39446 Description

Because of weaknesses in the web application's user management, an attacker could obtain from the headers the information needed to craft specially designed URLs and trigger malicious actions while a legitimate user is logged into the web application.

Metrics

CVSS Version: 3.1 | Base Score: 8.9 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

➤ Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): LOW
    User Interaction (UI): REQUIRED
    Scope (S): CHANGED

➤ Impact Metrics:
    Confidentiality Impact (C): LOW
    Integrity Impact (I): HIGH
    Availability Impact (A): HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-352
CWE Name: CWE-352 Cross-Site Request Forgery
Source: Socomec

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).