{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4837", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2023-09-08T11:43:25.153Z", "datePublished": "2023-10-10T09:20:53.558Z", "dateUpdated": "2024-09-18T19:02:34.543Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "SmodBIP", "repo": "https://smod.pl/pliki/smodbip221.zip", "vendor": "Jan Syski", "versions": [{"lessThan": "*", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Krzysztof Zaj\u0105c (CERT.PL)"}], "datePublic": "2023-10-10T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative privileges. <br><code>This issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the vulnerability will not be fixed.</code></div>"}], "value": "SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative privileges. \nThis issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the vulnerability will not be fixed.\n\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2023-10-10T09:20:53.558Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2023/10/CVE-2023-4837/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2023/10/CVE-2023-4837/"}, {"tags": ["product"], "url": "https://smod.pl/"}], "source": {"discovery": "UNKNOWN"}, "tags": ["unsupported-when-assigned"], "title": "Cross-site request forgery (CSRF) in SmodBIP", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.859Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/posts/2023/10/CVE-2023-4837/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/en/posts/2023/10/CVE-2023-4837/"}, {"tags": ["product", "x_transferred"], "url": "https://smod.pl/"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T19:01:00.494841Z", "id": "CVE-2023-4837", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T19:02:34.543Z"}}]}}