VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ea8z-9myn-aaab

Essentials
Severities (124)
References (35)
Severity details (40)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-ea8z-9myn-aaab
Aliases	CVE-2023-33201 GHSA-hr8g-6v94-x4m9
Summary	Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-295	Improper Certificate Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor

System	Score	Found at
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2023:3954
ssvc	Track	https://access.redhat.com/errata/RHSA-2023:3954
cvssv3.1	6.5	https://access.redhat.com/errata/RHSA-2023:5484
ssvc	Track	https://access.redhat.com/errata/RHSA-2023:5484
cvssv3.1	6.5	https://access.redhat.com/errata/RHSA-2023:5485
ssvc	Track	https://access.redhat.com/errata/RHSA-2023:5485
cvssv3.1	6.5	https://access.redhat.com/errata/RHSA-2023:5486
ssvc	Track	https://access.redhat.com/errata/RHSA-2023:5486
cvssv3.1	6.5	https://access.redhat.com/errata/RHSA-2023:5488
ssvc	Track	https://access.redhat.com/errata/RHSA-2023:5488
cvssv3.1	6	https://access.redhat.com/errata/RHSA-2024:1353
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:1353
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33201.json
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00289	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00289	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00289	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00289	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00289	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00289	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00289	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00289	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2023-33201
cvssv3.1	5.5	https://bouncycastle.org
generic_textual	MODERATE	https://bouncycastle.org
ssvc	Track	https://bouncycastle.org
cvssv3.1	5.3	https://bouncycastle.org/releasenotes.html#r1rv74
generic_textual	MODERATE	https://bouncycastle.org/releasenotes.html#r1rv74
cvssv3.1	8.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-hr8g-6v94-x4m9
cvssv3.1	5.5	https://github.com/bcgit/bc-java
generic_textual	LOW	https://github.com/bcgit/bc-java
cvssv3.1	5.3	https://github.com/bcgit/bc-java/commit/ccf93ca736b89250ff4ce079a5aa56f5cbf0ebbd
generic_textual	MODERATE	https://github.com/bcgit/bc-java/commit/ccf93ca736b89250ff4ce079a5aa56f5cbf0ebbd
cvssv3.1	5.3	https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
generic_textual	MODERATE	https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
ssvc	Track	https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
cvssv3.1	5.3	https://github.com/bcgit/bc-java/commits/main/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
generic_textual	MODERATE	https://github.com/bcgit/bc-java/commits/main/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
cvssv3.1	5.3	https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
generic_textual	MODERATE	https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
ssvc	Track	https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
cvssv3.1	5.3	https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html
generic_textual	MODERATE	https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html
cvssv3	5.3	https://nvd.nist.gov/vuln/detail/CVE-2023-33201
cvssv3.1	5.3	https://nvd.nist.gov/vuln/detail/CVE-2023-33201
cvssv3.1	5.3	https://security.netapp.com/advisory/ntap-20230824-0008
generic_textual	MODERATE	https://security.netapp.com/advisory/ntap-20230824-0008
ssvc	Track	https://security.netapp.com/advisory/ntap-20230824-0008/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33201.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-33201
		https://bouncycastle.org
		https://bouncycastle.org/releasenotes.html#r1rv74
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/bcgit/bc-java
		https://github.com/bcgit/bc-java/commit/ccf93ca736b89250ff4ce079a5aa56f5cbf0ebbd
		https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
		https://github.com/bcgit/bc-java/commits/main/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
		https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
		https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html
		https://security.netapp.com/advisory/ntap-20230824-0008
		https://security.netapp.com/advisory/ntap-20230824-0008/
1040050		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040050
2215465		https://bugzilla.redhat.com/show_bug.cgi?id=2215465
cpe:2.3:a:bouncycastle:bc-java::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java::::::::
CVE-2023-33201		https://nvd.nist.gov/vuln/detail/CVE-2023-33201
GHSA-hr8g-6v94-x4m9		https://github.com/advisories/GHSA-hr8g-6v94-x4m9
RHSA-2023:3954		https://access.redhat.com/errata/RHSA-2023:3954
RHSA-2023:5147		https://access.redhat.com/errata/RHSA-2023:5147
RHSA-2023:5165		https://access.redhat.com/errata/RHSA-2023:5165
RHSA-2023:5484		https://access.redhat.com/errata/RHSA-2023:5484
RHSA-2023:5485		https://access.redhat.com/errata/RHSA-2023:5485
RHSA-2023:5486		https://access.redhat.com/errata/RHSA-2023:5486
RHSA-2023:5488		https://access.redhat.com/errata/RHSA-2023:5488
RHSA-2023:7482		https://access.redhat.com/errata/RHSA-2023:7482
RHSA-2023:7483		https://access.redhat.com/errata/RHSA-2023:7483
RHSA-2023:7484		https://access.redhat.com/errata/RHSA-2023:7484
RHSA-2023:7486		https://access.redhat.com/errata/RHSA-2023:7486
RHSA-2023:7488		https://access.redhat.com/errata/RHSA-2023:7488
RHSA-2023:7669		https://access.redhat.com/errata/RHSA-2023:7669
RHSA-2023:7678		https://access.redhat.com/errata/RHSA-2023:7678
RHSA-2024:0278		https://access.redhat.com/errata/RHSA-2024:0278
RHSA-2024:1353		https://access.redhat.com/errata/RHSA-2024:1353

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:3954

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/ Found at https://access.redhat.com/errata/RHSA-2023:3954

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:5484

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-26T20:01:33Z/ Found at https://access.redhat.com/errata/RHSA-2023:5484

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:5485

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-26T20:01:33Z/ Found at https://access.redhat.com/errata/RHSA-2023:5485

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:5486

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-26T20:01:33Z/ Found at https://access.redhat.com/errata/RHSA-2023:5486

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:5488

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-26T20:01:33Z/ Found at https://access.redhat.com/errata/RHSA-2023:5488

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L Found at https://access.redhat.com/errata/RHSA-2024:1353

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/ Found at https://access.redhat.com/errata/RHSA-2024:1353

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33201.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bouncycastle.org

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/ Found at https://bouncycastle.org

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://bouncycastle.org/releasenotes.html#r1rv74

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/bcgit/bc-java

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/bcgit/bc-java/commit/ccf93ca736b89250ff4ce079a5aa56f5cbf0ebbd

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/ Found at https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/bcgit/bc-java/commits/main/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/bcgit/bc-java/wiki/CVE-2023-33201

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/ Found at https://github.com/bcgit/bc-java/wiki/CVE-2023-33201

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-33201

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-33201

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20230824-0008

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/ Found at https://security.netapp.com/advisory/ntap-20230824-0008/

Exploit Prediction Scoring System (EPSS)

Percentile	0.41182
EPSS Score	0.00096
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.