CVE-2023-24015

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:47

Type Values Removed Values Added
References () https://security.nozominetworks.com/NN-2023:6-01 - Vendor Advisory () https://security.nozominetworks.com/NN-2023:6-01 - Vendor Advisory

20 Sep 2024, 12:15

Type Values Removed Values Added
CWE CWE-20 CWE-1286

28 May 2024, 13:15

Type Values Removed Values Added
Summary (en) A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading. (en) A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.

16 Aug 2023, 16:45

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References (MISC) https://security.nozominetworks.com/NN-2023:6-01 - (MISC) https://security.nozominetworks.com/NN-2023:6-01 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
CPE cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*

09 Aug 2023, 12:46

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-09 10:15

Updated : 2024-11-21 07:47


NVD link : CVE-2023-24015

Mitre link : CVE-2023-24015

CVE.ORG link : CVE-2023-24015


JSON object : View

Products Affected

nozominetworks

  • guardian
  • cmc
CWE
CWE-1286

Improper Validation of Syntactic Correctness of Input

NVD-CWE-noinfo