Overview
- Description
- An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention.
- Source
- prodsec@nozominetworks.com
- NVD status
- Modified
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 6.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 4.9
- Impact score
- 3.6
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- prodsec@nozominetworks.com
- CWE-1286
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5DACA15-76B3-417A-8776-9014575659A6",
"versionEndExcluding": "22.6.2"
},
{
"criteria": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6317D905-9F4B-42A1-937E-AB79D99B1973",
"versionEndExcluding": "22.6.2"
}
],
"operator": "OR"
}
]
}
]