CVE-2023-23903

An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:47

Type Values Removed Values Added
References () https://security.nozominetworks.com/NN-2023:7-01 - Vendor Advisory () https://security.nozominetworks.com/NN-2023:7-01 - Vendor Advisory

20 Sep 2024, 12:15

Type Values Removed Values Added
CWE CWE-20 CWE-1286

28 May 2024, 13:15

Type Values Removed Values Added
Summary (en) An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention. (en) An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention.

16 Aug 2023, 19:44

Type Values Removed Values Added
References (MISC) https://security.nozominetworks.com/NN-2023:7-01 - (MISC) https://security.nozominetworks.com/NN-2023:7-01 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.9
CPE cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo

09 Aug 2023, 12:46

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-09 10:15

Updated : 2024-11-21 07:47


NVD link : CVE-2023-23903

Mitre link : CVE-2023-23903

CVE.ORG link : CVE-2023-23903


JSON object : View

Products Affected

nozominetworks

  • guardian
  • cmc
CWE
CWE-1286

Improper Validation of Syntactic Correctness of Input

NVD-CWE-noinfo