Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0
Vulnerability Description
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration. This could result in a partial loss of data integrity. In Guardian/CMC instances with a reporting configuration, there could be limited Denial of Service (DoS) impacts, as the reports may not reach their intended destination, and there could also be limited information disclosure impacts. Furthermore, modifying the destination SMTP server for the reports could lead to the compromise of external credentials, as they might be sent to an unauthorized server. This could expand the scope of the attack.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
授权机制不正确
Vulnerability Title
Nozomi Networks Guardian/CMC 安全漏洞
Vulnerability Description
Nozomi Networks Guardian/CMC是美国Nozomi Networks公司的一个中央管理控制台。 Nozomi Networks Guardian/CMC存在安全漏洞,该漏洞源于报告部分的访问控制未对有限权限用户正确实施,可能导致数据完整性部分丢失、有限的拒绝服务(DoS)影响以及信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A