CVE-2023-5329 - OpenCVE

A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used. VDB-241030 is the identifier assigned to this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
F-logic	Datacube4 Firmware Datacube4

Configuration 1 [-]

AND

cpe:2.3:o:f-logic:datacube4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:f-logic:datacube4:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/CV3TR4CK/CV3Cyb3R/blob/main/2023/Field%20Logic/Field%20Logic%20DataCube4%20Web%20API%20Improper%20Authentication.md	Third Party Advisory
https://vuldb.com/?ctiid.241030	Third Party Advisory
https://vuldb.com/?id.241030	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2023-10-02T00:00:07.030Z

Updated: 2023-10-25T05:12:49.414Z

Reserved: 2023-10-01T16:14:07.712Z

Link: CVE-2023-5329

JSON object: View

NVD Information

Status : Modified

Published: 2023-10-02T00:15:10.100

Modified: 2024-05-17T02:33:01.263

Link: CVE-2023-5329

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-5329", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-10-01T16:14:07.712Z", "datePublished": "2023-10-02T00:00:07.030Z", "dateUpdated": "2023-10-25T05:12:49.414Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-25T05:12:49.414Z"}, "title": "Field Logic DataCube4 Web API improper authentication", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "CWE-287 Improper Authentication"}]}], "affected": [{"vendor": "Field Logic", "product": "DataCube4", "versions": [{"version": "20231001", "status": "affected"}], "modules": ["Web API"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used. VDB-241030 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "In Field Logic DataCube4 bis 20231001 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /api/ der Komponente Web API. Durch das Beeinflussen mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2023-10-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-10-01T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-10-01T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-10-23T08:32:44.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "CV3TR4CK (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.241030", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.241030", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/CV3TR4CK/CV3Cyb3R/blob/main/2023/Field%20Logic/Field%20Logic%20DataCube4%20Web%20API%20Improper%20Authentication.md", "tags": ["exploit"]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:f-logic:datacube4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E6F7F5D-716C-4C88-9B00-37BBD7E45176", "versionEndIncluding": "2023-10-01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:f-logic:datacube4:-:*:*:*:*:*:*:*", "matchCriteriaId": "708A3F9F-6FAC-4D97-A0C5-A1A780DD1FD3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used. VDB-241030 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Field Logic DataCube4 hasta 20231001 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /api/ del componente Web API. La manipulaci\u00f3n conduce a una autenticaci\u00f3n incorrecta. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-241030 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2023-5329", "lastModified": "2024-05-17T02:33:01.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-10-02T00:15:10.100", "references": [{"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://github.com/CV3TR4CK/CV3Cyb3R/blob/main/2023/Field%20Logic/Field%20Logic%20DataCube4%20Web%20API%20Improper%20Authentication.md"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.241030"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.241030"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "cna@vuldb.com", "type": "Primary"}]}