{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2023-7240",
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "state": "PUBLISHED",
        "assignerShortName": "OpenText",
        "dateReserved": "2024-01-23T18:47:50.140Z",
        "datePublished": "2024-05-07T13:11:23.031Z",
        "dateUpdated": "2024-08-02T08:57:35.206Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "defaultStatus": "unaffected",
                    "platforms": [
                        "Linux",
                        "64 bit"
                    ],
                    "product": "NetIQ Identity Console",
                    "vendor": "OpenText",
                    "versions": [
                        {
                            "lessThanOrEqual": "1.7.1",
                            "status": "affected",
                            "version": "1.0.0",
                            "versionType": "custom"
                        }
                    ]
                }
            ],
            "datePublic": "2024-03-13T09:45:00.000Z",
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "&nbsp;An improper authorization level has been detected in the login panel. It may lead to\nunauthenticated Server Side Request Forgery and allows to perform open services\nenumeration. Server makes query to provided server (Server IP/DNS field) and is\ntriggering connection to arbitrary address.\n\n\n\n"
                        }
                    ],
                    "value": " An improper authorization level has been detected in the login panel. It may lead to\nunauthenticated Server Side Request Forgery and allows to perform open services\nenumeration. Server makes query to provided server (Server IP/DNS field) and is\ntriggering connection to arbitrary address.\n\n"
                }
            ],
            "impacts": [
                {
                    "capecId": "CAPEC-114",
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "CAPEC-114 Authentication Abuse"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "LOW",
                        "attackVector": "NETWORK",
                        "availabilityImpact": "NONE",
                        "baseScore": 5.8,
                        "baseSeverity": "MEDIUM",
                        "confidentialityImpact": "LOW",
                        "integrityImpact": "NONE",
                        "privilegesRequired": "NONE",
                        "scope": "CHANGED",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-20",
                            "description": "CWE-20 Improper Input Validation",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
                "shortName": "OpenText",
                "dateUpdated": "2024-05-07T13:11:23.031Z"
            },
            "references": [
                {
                    "url": "https://www.netiq.com/documentation/identity-console/identity_console1720000_releasenotes/data/identity_console1720000_releasenotes.html"
                }
            ],
            "source": {
                "discovery": "UNKNOWN"
            },
            "title": "Broken Access Control leading to SSRF in NetIQ Identity Console",
            "x_generator": {
                "engine": "Vulnogram 0.1.0-dev"
            }
        },
        "adp": [
            {
                "title": "CISA ADP Vulnrichment",
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "id": "CVE-2023-7240",
                                "role": "CISA Coordinator",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "yes"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "version": "2.0.3",
                                "timestamp": "2024-05-07T18:56:02.508836Z"
                            }
                        }
                    }
                ],
                "affected": [
                    {
                        "cpes": [
                            "cpe:2.3:a:opentext:netiq_identity_console:-:*:*:*:*:*:*:*"
                        ],
                        "vendor": "opentext",
                        "product": "netiq_identity_console",
                        "versions": [
                            {
                                "status": "affected",
                                "version": "-",
                                "lessThan": "1.7.2",
                                "versionType": "custom"
                            }
                        ],
                        "defaultStatus": "unknown"
                    }
                ],
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-06-04T17:17:29.988Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-02T08:57:35.206Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://www.netiq.com/documentation/identity-console/identity_console1720000_releasenotes/data/identity_console1720000_releasenotes.html",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}