NGINX Management Suite vulnerability
CVE-2023-28656
8.1HIGH
Key Information
- Vendor
- F5
- Status
- NGINX Instance Manager
- NGINX API Connectivity Manager
- NGINX Security Monitoring
- Vendor
- CVE Published:
- 3 May 2023
Summary
NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected Version(s)
NGINX Instance Manager < 2.9.0
NGINX API Connectivity Manager < 1.5.0
NGINX Security Monitoring < 1.3.0
Refferences
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
F5