CWE-425
AllowedDirect Request ('Forced Browsing')
Abstraction: Base · Status: Incomplete
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
269 vulnerabilities reference this CWE, most recent first.
CVE-2023-5786 (GCVE-0-2023-5786)
Vulnerability from cvelistv5 – Published: 2023-10-26 15:31 – Updated: 2024-08-02 08:07- CWE-425 - Direct Request
| URL | Tags |
|---|---|
| https://vuldb.com/?id.243592 | vdb-entry |
| https://vuldb.com/?ctiid.243592 | signaturepermissions-required |
| https://github.com/Qxyday/GeoServe---unauthorized | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| GeoServer | GeoWebCache |
Affected:
1.15.0
Affected: 1.15.1 |
|
| geoserver | geowebcache |
Affected:
1.15.0
cpe:2.3:a:geoserver:geowebcache:1.15.0:*:*:*:*:*:*:* |
|
| geoserver | geowebcache |
Affected:
1.15.1
cpe:2.3:a:geoserver:geowebcache:1.15.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geoserver:geowebcache:1.15.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geowebcache",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:geoserver:geowebcache:1.15.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geowebcache",
"vendor": "geoserver",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T19:56:47.790291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T19:58:51.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.243592"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.243592"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/Qxyday/GeoServe---unauthorized"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GeoWebCache",
"vendor": "GeoServer",
"versions": [
{
"status": "affected",
"version": "1.15.0"
},
{
"status": "affected",
"version": "1.15.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "Qxy.cn (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243592."
},
{
"lang": "de",
"value": "In GeoServer GeoWebCache bis 1.15.1 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /geoserver/gwc/rest.html. Durch Manipulieren mit unbekannten Daten kann eine direct request-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T15:31:04.617Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.243592"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.243592"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Qxyday/GeoServe---unauthorized"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-26T07:45:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "GeoServer GeoWebCache rest.html direct request"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5786",
"datePublished": "2023-10-26T15:31:04.617Z",
"dateReserved": "2023-10-26T05:39:57.017Z",
"dateUpdated": "2024-08-02T08:07:32.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5702 (GCVE-0-2023-5702)
Vulnerability from cvelistv5 – Published: 2023-10-23 00:31 – Updated: 2024-08-02 08:07- CWE-425 - Direct Request
| URL | Tags |
|---|---|
| https://vuldb.com/?id.243140 | vdb-entry |
| https://vuldb.com/?ctiid.243140 | signaturepermissions-required |
| https://github.com/GTA12138/vul/blob/main/Viessma… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Viessmann | Vitogate 300 |
Affected:
2.1.0
Affected: 2.1.1 Affected: 2.1.2 Affected: 2.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.243140"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.243140"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/GTA12138/vul/blob/main/Viessmann/Vitogate300_Document_Unauthorized_Access.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vitogate 300",
"vendor": "Viessmann",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.1.2"
},
{
"status": "affected",
"version": "2.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "rollingchair (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Viessmann Vitogate 300 bis 2.1.3.0 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /cgi-bin/. Durch das Manipulieren mit unbekannten Daten kann eine direct request-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T00:31:04.073Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.243140"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.243140"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/GTA12138/vul/blob/main/Viessmann/Vitogate300_Document_Unauthorized_Access.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-10-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-22T18:14:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Viessmann Vitogate 300 direct request"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5702",
"datePublished": "2023-10-23T00:31:04.073Z",
"dateReserved": "2023-10-22T16:09:16.060Z",
"dateUpdated": "2024-08-02T08:07:32.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4544 (GCVE-0-2023-4544)
Vulnerability from cvelistv5 – Published: 2023-08-26 05:00 – Updated: 2025-07-01 13:50- CWE-425 - Direct Request
| URL | Tags |
|---|---|
| https://vuldb.com/?id.238049 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.238049 | signaturepermissions-required |
| https://vuldb.com/?submit.193047 | third-party-advisory |
| https://github.com/jo1995hn/cve/blob/main/s856.md | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Byzoro | Smart S85F Management Platform |
Affected:
20230809
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-238049 | Byzoro Smart S85F Management Platform php.ini direct request",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.238049"
},
{
"name": "VDB-238049 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.238049"
},
{
"name": "Submit #193047 | Information leaks occur on the Smart S85F management platform",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.193047"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/jo1995hn/cve/blob/main/s856.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4544",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T17:55:33.724087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T13:50:44.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Smart S85F Management Platform",
"vendor": "Byzoro",
"versions": [
{
"status": "affected",
"version": "20230809"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jackljk (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Byzoro Smart S85F Management Platform bis 20230809 ausgemacht. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /config/php.ini. Durch das Beeinflussen mit unbekannten Daten kann eine direct request-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T08:34:28.248Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-238049 | Byzoro Smart S85F Management Platform php.ini direct request",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.238049"
},
{
"name": "VDB-238049 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.238049"
},
{
"name": "Submit #193047 | Information leaks occur on the Smart S85F management platform",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.193047"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/jo1995hn/cve/blob/main/s856.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-08-25T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-08-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-09T09:06:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "Byzoro Smart S85F Management Platform php.ini direct request"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4544",
"datePublished": "2023-08-26T05:00:06.286Z",
"dateReserved": "2023-08-25T15:23:00.952Z",
"dateUpdated": "2025-07-01T13:50:44.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4018 (GCVE-0-2023-4018)
Vulnerability from cvelistv5 – Published: 2023-09-01 10:30 – Updated: 2026-04-27 04:06- CWE-425 - Direct Request ('Forced Browsing')
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/420301 | issue-trackingpermissions-required |
| https://hackerone.com/reports/2083440 | technical-descriptionexploitpermissions-required |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4018",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T13:31:06.799486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T14:33:37.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #420301",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/420301"
},
{
"name": "HackerOne Bug Bounty Report #2083440",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2083440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.2.5",
"status": "affected",
"version": "16.2",
"versionType": "semver"
},
{
"lessThan": "16.3.1",
"status": "affected",
"version": "16.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [ricardobrito](https://hackerone.com/ricardobrito) for reporting this vulnerability through our HackerOne bug bounty program."
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T04:06:36.504Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #420301",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/420301"
},
{
"name": "HackerOne Bug Bounty Report #2083440",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2083440"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.3.1, 16.2.5 or above."
}
],
"title": "Direct Request (\u0027Forced Browsing\u0027) in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-4018",
"datePublished": "2023-09-01T10:30:41.985Z",
"dateReserved": "2023-07-31T12:30:31.240Z",
"dateUpdated": "2026-04-27T04:06:36.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3792 (GCVE-0-2023-3792)
Vulnerability from cvelistv5 – Published: 2023-07-20 19:00 – Updated: 2024-08-02 07:08- CWE-425 - Direct Request
| URL | Tags |
|---|---|
| https://vuldb.com/?id.235059 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.235059 | signaturepermissions-required |
| https://github.com/CYN521/cve/blob/main/NS-ASG.md | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Beijing Netcon | NS-ASG |
Affected:
6.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.235059"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.235059"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/CYN521/cve/blob/main/NS-ASG.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NS-ASG",
"vendor": "Beijing Netcon",
"versions": [
{
"status": "affected",
"version": "6.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "CYN521 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/test_status.php. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Beijing Netcon NS-ASG 6.3 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/test_status.php. Dank der Manipulation mit unbekannten Daten kann eine direct request-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T17:49:49.610Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.235059"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.235059"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CYN521/cve/blob/main/NS-ASG.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-20T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-15T09:56:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Beijing Netcon NS-ASG test_status.php direct request"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3792",
"datePublished": "2023-07-20T19:00:04.971Z",
"dateReserved": "2023-07-20T07:45:36.548Z",
"dateUpdated": "2024-08-02T07:08:50.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3426 (GCVE-0-2023-3426)
Vulnerability from cvelistv5 – Published: 2023-08-02 09:40 – Updated: 2024-10-11 14:09- CWE-425 - Direct Request ('Forced Browsing')
| URL | Tags |
|---|---|
| https://liferay.dev/portal/security/known-vulnera… | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3426"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T13:02:53.152164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T14:09:13.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DXP",
"vendor": "Liferay",
"versions": [
{
"lessThanOrEqual": "7.4.13.u85",
"status": "affected",
"version": "7.4.13.u81",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Portal",
"vendor": "Liferay",
"versions": [
{
"lessThanOrEqual": "7.4.3.85",
"status": "affected",
"version": "7.4.3.81",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "4rth4s"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations."
}
],
"value": "The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:24:59.097Z",
"orgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
"shortName": "Liferay"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3426"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
"assignerShortName": "Liferay",
"cveId": "CVE-2023-3426",
"datePublished": "2023-08-02T09:40:28.090Z",
"dateReserved": "2023-06-27T05:43:01.235Z",
"dateUpdated": "2024-10-11T14:09:13.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2524 (GCVE-0-2023-2524)
Vulnerability from cvelistv5 – Published: 2023-05-04 18:31 – Updated: 2025-01-29 17:56- CWE-425 - Direct Request
| URL | Tags |
|---|---|
| https://vuldb.com/?id.228015 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.228015 | signature |
| Vendor | Product | Version | |
|---|---|---|---|
| Control iD | RHiD |
Affected:
23.3.19.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.228015"
},
{
"tags": [
"signature",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.228015"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:56:49.180119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T17:56:58.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RHiD",
"vendor": "Control iD",
"versions": [
{
"status": "affected",
"version": "23.3.19.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "Stux (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Control iD RHiD 23.3.19.0 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /v2/#/. Durch das Manipulieren mit unbekannten Daten kann eine direct request-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T05:26:00.260Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.228015"
},
{
"tags": [
"signature"
],
"url": "https://vuldb.com/?ctiid.228015"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-05-04T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-05-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-05-27T16:04:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "Control iD RHiD direct request"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-2524",
"datePublished": "2023-05-04T18:31:03.558Z",
"dateReserved": "2023-05-04T16:21:42.872Z",
"dateUpdated": "2025-01-29T17:56:58.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1699 (GCVE-0-2023-1699)
Vulnerability from cvelistv5 – Published: 2023-03-30 09:26 – Updated: 2025-02-11 20:12- CWE-425 - Direct Request ('Forced Browsing')
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:25.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/nexpose/20230329/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T20:12:05.970309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T20:12:14.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "6.6.186",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Casey Cooper"
}
],
"datePublic": "2023-03-29T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability.\u0026nbsp; This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.\u0026nbsp;\u0026nbsp;"
}
],
"value": "Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability.\u00a0 This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.\u00a0\u00a0"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T09:26:13.515Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://docs.rapid7.com/release-notes/nexpose/20230329/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Nexpose Forced Browsing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-1699",
"datePublished": "2023-03-30T09:26:13.515Z",
"dateReserved": "2023-03-29T14:17:15.354Z",
"dateUpdated": "2025-02-11T20:12:14.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1682 (GCVE-0-2023-1682)
Vulnerability from cvelistv5 – Published: 2023-03-28 23:31 – Updated: 2024-08-02 05:57- CWE-425 - Direct Request
| URL | Tags |
|---|---|
| https://vuldb.com/?id.224239 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.224239 | signaturepermissions-required |
| https://github.com/2714925725/CMS-bug/blob/main/I… | exploit |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.224239"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.224239"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/2714925725/CMS-bug/blob/main/Informationdisclosure-1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CMS",
"vendor": "Xunrui",
"versions": [
{
"status": "affected",
"version": "4.61"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224239."
},
{
"lang": "de",
"value": "In Xunrui CMS 4.61 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /dayrui/My/Config/Install.txt. Durch Manipulation mit unbekannten Daten kann eine direct request-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-21T13:49:14.004Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.224239"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.224239"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/2714925725/CMS-bug/blob/main/Informationdisclosure-1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-03-28T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-03-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-04-16T14:27:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "Xunrui CMS Install.txt direct request"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-1682",
"datePublished": "2023-03-28T23:31:05.404Z",
"dateReserved": "2023-03-28T20:20:52.813Z",
"dateUpdated": "2024-08-02T05:57:24.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1663 (GCVE-0-2023-1663)
Vulnerability from cvelistv5 – Published: 2023-03-29 13:16 – Updated: 2025-02-12 16:19- CWE-425 - Direct Request ('Forced Browsing')
| URL | Tags |
|---|---|
| https://community.synopsys.com/s/article/SIG-Prod… | vendor-advisory |
| https://community.synopsys.com/s/article/Mitigati… | mitigation |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-1663-Affecting-Coverity-Platform"
},
{
"tags": [
"mitigation",
"x_transferred"
],
"url": "https://community.synopsys.com/s/article/Mitigation-for-Coverity-Platforms-Exposure-to-CVE-2023-1663"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:18:31.426850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:19:38.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Coverity",
"vendor": "Synopsys",
"versions": [
{
"lessThanOrEqual": "2023.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Juha Leivo"
}
],
"datePublic": "2023-03-29T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible.\u0026nbsp;5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)"
}
],
"value": "Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible.\u00a05.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)"
}
],
"impacts": [
{
"capecId": "CAPEC-87",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-87 Forceful Browsing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T13:16:40.269Z",
"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"shortName": "SNPS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-1663-Affecting-Coverity-Platform"
},
{
"tags": [
"mitigation"
],
"url": "https://community.synopsys.com/s/article/Mitigation-for-Coverity-Platforms-Exposure-to-CVE-2023-1663"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authenticated Resources Accessible via Forced Browsing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"assignerShortName": "SNPS",
"cveId": "CVE-2023-1663",
"datePublished": "2023-03-29T13:16:40.269Z",
"dateReserved": "2023-03-27T16:21:21.908Z",
"dateUpdated": "2025-02-12T16:19:38.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files.
Mitigation
Consider using MVC based frameworks such as Struts.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-143: Detect Unpublicized Web Pages
An adversary searches a targeted web site for web pages that have not been publicized. In doing this, the adversary may be able to gain access to information that the targeted site did not intend to make public.
CAPEC-144: Detect Unpublicized Web Services
An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.
CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)
An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.
CAPEC-87: Forceful Browsing
An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.