Description

An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.

Related CPE's

a

nozominetworks

cmc

Vulnerable

a

nozominetworks

guardian

Vulnerable

References

https://security.nozominetworks.com/NN-2023:5-01

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-863

[email protected]

Secondary
CWE-863

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-09T09:15:13.860

11 months ago

Last modified

2024-05-28T13:15:09.460

1 month ago