CVE-2023-6916 HIGH

CVE-2023-6916: Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1

Vendor Nozomi Networks
Product Guardian
Weakness CWE-201
Published April 10, 2024
Last update September 20, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation.

Key dates

02Disclosure timeline

April 10, 2024 CVE published
September 20, 2024 Record updated