CVE-2023-4093 - Vulnerability Details - OpenCVE

Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00123.

Key SSVC decision points have not yet been added.

Vendors	Products
Fujitsu	Arconte Aurea

Configuration 1 [-]

cpe:2.3:a:fujitsu:arconte_aurea:1.5.0.0:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-53983	Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.

Fixes

Solution

This vulnerabilities have been fixed by Fujitsu in version 1.5.0.0, released on 4/4/2022. All new versions of the product, including the latest 1.6.2.3, also include the fixes.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea

History

No history.

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2023-09-19T13:00:27.476Z

Updated: 2024-09-06T14:12:35.915Z

Reserved: 2023-08-02T11:05:15.557Z

Link: CVE-2023-4093

Vulnrichment

Updated: 2024-08-02T07:17:11.871Z

NVD

Status : Modified

Published: 2023-09-19T14:15:22.177

Modified: 2024-11-21T08:34:22.607

Link: CVE-2023-4093

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4093", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2023-08-02T11:05:15.557Z", "datePublished": "2023-09-19T13:00:27.476Z", "dateUpdated": "2024-09-06T14:12:35.915Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Arconte \u00c1urea", "vendor": "Fujitsu ", "versions": [{"lessThan": "1.5.0.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Pablo Arias Rodriguez and Jorge Alberto Palma Reyes, members of CSIRT-CV"}], "datePublic": "2023-09-01T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Reflected and persistent XSS vulnerability in Arconte \u00c1urea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user."}], "value": "Reflected and persistent XSS vulnerability in Arconte \u00c1urea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-09-19T13:00:27.476Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This vulnerabilities have been fixed by Fujitsu in version 1.5.0.0, released on 4/4/2022. All new versions of the product, including the latest 1.6.2.3, also include the fixes."}], "value": "This vulnerabilities have been fixed by Fujitsu in version 1.5.0.0, released on 4/4/2022. All new versions of the product, including the latest 1.6.2.3, also include the fixes."}], "source": {"discovery": "EXTERNAL"}, "title": "Reflected and persistent XSS vulnerability in Fujitsu Arconte \u00c1urea", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:17:11.871Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T14:07:20.199662Z", "id": "CVE-2023-4093", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T14:12:35.915Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:17:11.871Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4093", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-06T14:07:20.199662Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T14:12:29.657Z"}}], "cna": {"title": "Reflected and persistent XSS vulnerability in Fujitsu Arconte \u00c1urea", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Pablo Arias Rodriguez and Jorge Alberto Palma Reyes, members of CSIRT-CV"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Fujitsu ", "product": "Arconte \u00c1urea", "versions": [{"status": "affected", "version": "0", "lessThan": "1.5.0.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This vulnerabilities have been fixed by Fujitsu in version 1.5.0.0, released on 4/4/2022. All new versions of the product, including the latest 1.6.2.3, also include the fixes.", "supportingMedia": [{"type": "text/html", "value": "This vulnerabilities have been fixed by Fujitsu in version 1.5.0.0, released on 4/4/2022. All new versions of the product, including the latest 1.6.2.3, also include the fixes.", "base64": false}]}], "datePublic": "2023-09-01T10:00:00.000Z", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Reflected and persistent XSS vulnerability in Arconte \u00c1urea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.", "supportingMedia": [{"type": "text/html", "value": "Reflected and persistent XSS vulnerability in Arconte \u00c1urea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-09-19T13:00:27.476Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4093", "state": "PUBLISHED", "dateUpdated": "2024-09-06T14:12:35.915Z", "dateReserved": "2023-08-02T11:05:15.557Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2023-09-19T13:00:27.476Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fujitsu:arconte_aurea:1.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5718D4D2-D570-4848-A1BA-031A0E8C548A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Reflected and persistent XSS vulnerability in Arconte \u00c1urea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user."}, {"lang": "es", "value": "Vulnerabilidad XSS reflejada y persistente en Arconte \u00c1urea, en su versi\u00f3n 1.5.0.0. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante inyectar c\u00f3digo JavaScript malicioso, comprometer el navegador de la v\u00edctima y tomar el control del mismo, redirigir al usuario a dominios maliciosos o acceder a informaci\u00f3n que est\u00e1 viendo el usuario leg\u00edtimo."}], "id": "CVE-2023-4093", "lastModified": "2024-11-21T08:34:22.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-19T14:15:22.177", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}