CVE-2023-23903
Published: 09 August 2023
Summary
CVE-2023-23903 is a medium-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Nozomi Networks CMC. Its CVSS base score is 6.9 (Medium).
Operationally, it ranks at the 37.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-27986
Vulnerability details
An authenticated administrator can upload a SAML configuration file in the wrong format, because the application does not check that the file format is correct. Every subsequent application request will return an error. The whole application is rendered unusable until a console intervention.
- CWE(s): CWE-1286
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.