Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2023-6837 | First vendor Publication | 2023-12-15 |
| Vendor | Cve | Last vendor Modification | 2024-01-05 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 8.2 | ||
| Base Score | 8.2 | Environmental Score | 8.2 |
| impact SubScore | 5.8 | Temporal Score | 8.2 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Network | Attack Complexity | High |
| Privileges Required | Low | User Interaction | None |
| Scope | Changed | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option. Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6837 |
CPE : Common Platform Enumeration
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-01-06 00:27:39 |
|
| 2023-12-15 17:27:27 |
|
| 2023-12-15 13:27:25 |
|
