Unauthorized Access Detected in Login Panel
CVE-2023-7240

5.8MEDIUM

Key Information:

Vendor: Opentext
Status: Netiq Identity Console
Vendor: CVE Published:; 7 May 2024

What is CVE-2023-7240?

An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggering connection to arbitrary address.

Affected Version(s)

NetIQ Identity Console Linux 1.0.0 <= 1.7.1

References

https://www.netiq.com/documentation/identity-console/iden...

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Jan 23, 2024

CVE-2023-7240 Data

JSON

Opentext

What is CVE-2023-7240?

Affected Version(s)

References

CVSS V3.1

Timeline