CVE-2023-5913 - OpenCVE

Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Microfocus	Fortify Scancentral Dast

Configuration 1 [-]

OR	cpe:2.3:a:microfocus:fortify_scancentral_dast:21.1:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2.1:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1.1:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:22.2:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:23.1:::::::*

References

Link	Resource
https://portal.microfocus.com/s/article/KM000023500?language=en_US	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: OpenText

Published: 2023-11-08T16:42:31.074Z

Updated: 2023-11-08T16:42:31.074Z

Reserved: 2023-11-01T22:02:30.314Z

Link: CVE-2023-5913

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-08T17:15:08.193

Modified: 2023-11-16T17:00:33.503

Link: CVE-2023-5913

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-5913", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2023-11-01T22:02:30.314Z", "datePublished": "2023-11-08T16:42:31.074Z", "dateUpdated": "2023-11-08T16:42:31.074Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Fortify ScanCentral DAST", "vendor": "opentext", "versions": [{"status": "affected", "version": "21.1"}, {"status": "affected", "version": "21.2"}, {"status": "affected", "version": "21.2.1"}, {"status": "affected", "version": "22.1"}, {"status": "affected", "version": "22.1.1"}, {"status": "affected", "version": "22.2"}, {"status": "affected", "version": "23.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The<span style=\"background-color: rgb(255, 255, 255);\"> vulnerability could be exploited to gain elevated privileges</span>.<p>This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.</p>"}], "value": "Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The\u00a0vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.\n\n"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Could lead to gaining elevated privileges"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2023-11-08T16:42:31.074Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000023500?language=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000023500?language=en_US\">portal.microfocus.com/s/article/KM000023500?language=en_US</a>\n\n<br>"}], "value": "\n portal.microfocus.com/s/article/KM000023500?language=en_US https://portal.microfocus.com/s/article/KM000023500 \n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "A potential Privilege Escalation vulnerability in opentext Fortify ScanCentral DAST API.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:21.1:*:*:*:*:*:*:*", "matchCriteriaId": "5578907C-9142-461B-88F3-D4510D57E23A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDE09FF8-AFDD-4F5E-AF44-FFE8854F5763", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8EF4C5A3-E698-469A-A8AB-223AC6013B1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1:*:*:*:*:*:*:*", "matchCriteriaId": "0926D3A0-76B2-435C-B691-58B51EDF81B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "956F2EB1-BF27-4F42-A325-E9F91EF60E5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:22.2:*:*:*:*:*:*:*", "matchCriteriaId": "6DA67A67-DC1E-4FC0-8A9B-8A2192E939BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:23.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BFD11CE-87C4-40A2-A6EA-80CF1D465F4B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The\u00a0vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de asignaci\u00f3n de privilegios incorrecta en texto abierto Fortify ScanCentral DAST. La vulnerabilidad podr\u00eda aprovecharse para obtener privilegios elevados. Este problema afecta a Fortify ScanCentral DAST versiones 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1."}], "id": "CVE-2023-5913", "lastModified": "2023-11-16T17:00:33.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2023-11-08T17:15:08.193", "references": [{"source": "security@opentext.com", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000023500?language=en_US"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-266"}], "source": "security@opentext.com", "type": "Secondary"}]}