Vulnerability details: VCID-pcvp-wv2z-aaas
Vulnerability ID VCID-pcvp-wv2z-aaas
Aliases CVE-2023-46589
GHSA-fccv-jmmp-qg76
Summary Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json
epss 0.00484 https://api.first.org/data/v1/epss?cve=CVE-2023-46589
epss 0.00596 https://api.first.org/data/v1/epss?cve=CVE-2023-46589
epss 0.00784 https://api.first.org/data/v1/epss?cve=CVE-2023-46589
epss 0.00849 https://api.first.org/data/v1/epss?cve=CVE-2023-46589
epss 0.15182 https://api.first.org/data/v1/epss?cve=CVE-2023-46589
epss 0.18922 https://api.first.org/data/v1/epss?cve=CVE-2023-46589
epss 0.32978 https://api.first.org/data/v1/epss?cve=CVE-2023-46589
epss 0.3629 https://api.first.org/data/v1/epss?cve=CVE-2023-46589
epss 0.45383 https://api.first.org/data/v1/epss?cve=CVE-2023-46589
epss 0.4962 https://api.first.org/data/v1/epss?cve=CVE-2023-46589
epss 0.52094 https://api.first.org/data/v1/epss?cve=CVE-2023-46589
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-fccv-jmmp-qg76
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
generic_textual HIGH https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
generic_textual HIGH https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
generic_textual HIGH https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
generic_textual HIGH https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
cvssv3.1 7.5 https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
generic_textual HIGH https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-46589
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-46589
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20231214-0009
generic_textual HIGH https://security.netapp.com/advisory/ntap-20231214-0009
cvssv3.1 7.5 https://tomcat.apache.org/security-10.html
generic_textual HIGH https://tomcat.apache.org/security-10.html
cvssv3.1 7.5 https://tomcat.apache.org/security-11.html
generic_textual HIGH https://tomcat.apache.org/security-11.html
cvssv3.1 5.3 https://tomcat.apache.org/security-8.html
generic_textual MODERATE https://tomcat.apache.org/security-8.html
cvssv3.1 7.5 https://tomcat.apache.org/security-9.html
generic_textual HIGH https://tomcat.apache.org/security-9.html
cvssv3.1 7.5 https://www.openwall.com/lists/oss-security/2023/11/28/2
generic_textual HIGH https://www.openwall.com/lists/oss-security/2023/11/28/2
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2023/11/28/2
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/11/28/2
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json
https://api.first.org/data/v1/epss?cve=CVE-2023-46589
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
https://security.netapp.com/advisory/ntap-20231214-0009
https://security.netapp.com/advisory/ntap-20231214-0009/
https://tomcat.apache.org/security-10.html
https://tomcat.apache.org/security-11.html
https://tomcat.apache.org/security-8.html
https://tomcat.apache.org/security-9.html
https://www.openwall.com/lists/oss-security/2023/11/28/2
http://www.openwall.com/lists/oss-security/2023/11/28/2
1057082 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082
2252050 https://bugzilla.redhat.com/show_bug.cgi?id=2252050
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*
CVE-2023-46589 https://nvd.nist.gov/vuln/detail/CVE-2023-46589
GHSA-fccv-jmmp-qg76 https://github.com/advisories/GHSA-fccv-jmmp-qg76
RHSA-2024:0532 https://access.redhat.com/errata/RHSA-2024:0532
RHSA-2024:0539 https://access.redhat.com/errata/RHSA-2024:0539
RHSA-2024:1092 https://access.redhat.com/errata/RHSA-2024:1092
RHSA-2024:1134 https://access.redhat.com/errata/RHSA-2024:1134
RHSA-2024:1318 https://access.redhat.com/errata/RHSA-2024:1318
RHSA-2024:1319 https://access.redhat.com/errata/RHSA-2024:1319
RHSA-2024:1324 https://access.redhat.com/errata/RHSA-2024:1324
RHSA-2024:1325 https://access.redhat.com/errata/RHSA-2024:1325
RHSA-2024:3354 https://access.redhat.com/errata/RHSA-2024:3354
USN-7032-1 https://usn.ubuntu.com/7032-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-46589
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20231214-0009
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-10.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-11.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://tomcat.apache.org/security-8.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-9.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.openwall.com/lists/oss-security/2023/11/28/2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2023/11/28/2
Exploit Prediction Scoring System (EPSS)
Percentile 0.76461
EPSS Score 0.00484
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-03T17:13:39.025368+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-46589 34.0.0rc1