A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
Metrics
Affected Vendors & Products
References
History
Thu, 17 Oct 2024 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A CWE-862 “Missing Authorization” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. | A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. |
Mon, 30 Sep 2024 10:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ailux
Ailux imx6 Bundle |
|
Weaknesses | CWE-862 | |
CPEs | cpe:2.3:a:ailux:imx6_bundle:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ailux
Ailux imx6 Bundle |
|
Metrics |
ssvc
|
Mon, 30 Sep 2024 10:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-425 |
MITRE
Status: PUBLISHED
Assigner: Nozomi
Published: 2024-03-05T11:31:08.100Z
Updated: 2024-10-17T09:30:55.851Z
Reserved: 2023-10-09T08:26:54.317Z
Link: CVE-2023-45596
Vulnrichment
Updated: 2024-08-02T20:21:16.682Z
NVD
Status : Awaiting Analysis
Published: 2024-03-05T12:15:46.913
Modified: 2024-10-17T10:15:02.930
Link: CVE-2023-45596
Redhat
No data.