CVE-2023-5913 - Vulnerability Details - OpenCVE

Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00218.

Key SSVC decision points have not yet been added.

Vendors	Products
Microfocus	Fortify Scancentral Dast

Configuration 1 [-]

OR	cpe:2.3:a:microfocus:fortify_scancentral_dast:21.1:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2.1:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1.1:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:22.2:::::::*
	cpe:2.3:a:microfocus:fortify_scancentral_dast:23.1:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-58186	Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.

Fixes

Solution

portal.microfocus.com/s/article/KM000023500?language=en_US https://portal.microfocus.com/s/article/KM000023500

Workaround

No workaround given by the vendor.

References

Link	Providers
https://portal.microfocus.com/s/article/KM000023500?language=en_US

History

No history.

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2023-11-08T16:42:31.074Z

Updated: 2024-09-04T13:53:22.231Z

Reserved: 2023-11-01T22:02:30.314Z

Link: CVE-2023-5913

Vulnrichment

Updated: 2024-08-02T08:14:24.622Z

NVD

Status : Modified

Published: 2023-11-08T17:15:08.193

Modified: 2024-11-21T08:42:45.787

Link: CVE-2023-5913

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5913", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2023-11-01T22:02:30.314Z", "datePublished": "2023-11-08T16:42:31.074Z", "dateUpdated": "2024-09-04T13:53:22.231Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Fortify ScanCentral DAST", "vendor": "opentext", "versions": [{"status": "affected", "version": "21.1"}, {"status": "affected", "version": "21.2"}, {"status": "affected", "version": "21.2.1"}, {"status": "affected", "version": "22.1"}, {"status": "affected", "version": "22.1.1"}, {"status": "affected", "version": "22.2"}, {"status": "affected", "version": "23.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The<span style=\"background-color: rgb(255, 255, 255);\"> vulnerability could be exploited to gain elevated privileges</span>.<p>This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.</p>"}], "value": "Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The\u00a0vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.\n\n"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Could lead to gaining elevated privileges"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2023-11-08T16:42:31.074Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000023500?language=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000023500?language=en_US\">portal.microfocus.com/s/article/KM000023500?language=en_US</a>\n\n<br>"}], "value": "\n portal.microfocus.com/s/article/KM000023500?language=en_US https://portal.microfocus.com/s/article/KM000023500 \n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "A potential Privilege Escalation vulnerability in opentext Fortify ScanCentral DAST API.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.622Z"}, "title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000023500?language=en_US", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "CWE-266 Incorrect Privilege Assignment"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T13:51:53.335836Z", "id": "CVE-2023-5913", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T13:53:22.231Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000023500?language=en_US", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.622Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5913", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T13:51:53.335836Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T13:53:13.536Z"}}], "cna": {"title": "A potential Privilege Escalation vulnerability in opentext Fortify ScanCentral DAST API.", "source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Could lead to gaining elevated privileges"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "opentext", "product": "Fortify ScanCentral DAST", "versions": [{"status": "affected", "version": "21.1"}, {"status": "affected", "version": "21.2"}, {"status": "affected", "version": "21.2.1"}, {"status": "affected", "version": "22.1"}, {"status": "affected", "version": "22.1.1"}, {"status": "affected", "version": "22.2"}, {"status": "affected", "version": "23.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\n portal.microfocus.com/s/article/KM000023500?language=en_US https://portal.microfocus.com/s/article/KM000023500 \n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000023500?language=en_US\">portal.microfocus.com/s/article/KM000023500?language=en_US</a>\n\n<br>", "base64": false}]}], "references": [{"url": "https://portal.microfocus.com/s/article/KM000023500?language=en_US"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The\u00a0vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.\n\n", "supportingMedia": [{"type": "text/html", "value": "Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The<span style=\"background-color: rgb(255, 255, 255);\"> vulnerability could be exploited to gain elevated privileges</span>.<p>This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2023-11-08T16:42:31.074Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5913", "state": "PUBLISHED", "dateUpdated": "2024-09-04T13:53:22.231Z", "dateReserved": "2023-11-01T22:02:30.314Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2023-11-08T16:42:31.074Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:21.1:*:*:*:*:*:*:*", "matchCriteriaId": "5578907C-9142-461B-88F3-D4510D57E23A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDE09FF8-AFDD-4F5E-AF44-FFE8854F5763", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:21.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8EF4C5A3-E698-469A-A8AB-223AC6013B1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1:*:*:*:*:*:*:*", "matchCriteriaId": "0926D3A0-76B2-435C-B691-58B51EDF81B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:22.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "956F2EB1-BF27-4F42-A325-E9F91EF60E5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:22.2:*:*:*:*:*:*:*", "matchCriteriaId": "6DA67A67-DC1E-4FC0-8A9B-8A2192E939BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:fortify_scancentral_dast:23.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BFD11CE-87C4-40A2-A6EA-80CF1D465F4B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The\u00a0vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de asignaci\u00f3n de privilegios incorrecta en texto abierto Fortify ScanCentral DAST. La vulnerabilidad podr\u00eda aprovecharse para obtener privilegios elevados. Este problema afecta a Fortify ScanCentral DAST versiones 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1."}], "id": "CVE-2023-5913", "lastModified": "2024-11-21T08:42:45.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@opentext.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-08T17:15:08.193", "references": [{"source": "security@opentext.com", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000023500?language=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000023500?language=en_US"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "security@opentext.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-266"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}