A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Hitachi Energy
Published: 2023-09-11T07:40:46.735Z
Updated: 2024-08-02T07:38:00.641Z
Reserved: 2023-09-07T07:02:56.867Z
Link: CVE-2023-4816
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-11T08:15:07.917
Modified: 2023-09-13T14:35:05.177
Link: CVE-2023-4816
Redhat
No data.