Vulnerability Description
NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netapp | Cloud Backup | - |
| Netapp | Ontap Select Deploy | - |
| F5 | Nginx Api Connectivity Manager | >= 1.0.0, < 1.5.0 |
| F5 | Nginx Instance Manager | >= 2.0.0, < 2.9.0 |
| F5 | Nginx Security Monitoring | >= 1.0.0, < 1.3.0 |
Related Weaknesses (CWE)
References
- https://my.f5.com/manage/s/article/K000133417Vendor Advisory
- https://security.netapp.com/advisory/ntap-20230609-0006/Third Party Advisory
- https://my.f5.com/manage/s/article/K000133417Vendor Advisory
- https://security.netapp.com/advisory/ntap-20230609-0006/Third Party Advisory
FAQ
What is CVE-2023-28656?
CVE-2023-28656 is a vulnerability with a CVSS score of 8.1 (HIGH). NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical...
How severe is CVE-2023-28656?
CVE-2023-28656 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28656?
Check the references section above for vendor advisories and patch information. Affected products include: Netapp Cloud Backup, Netapp Ontap Select Deploy, F5 Nginx Api Connectivity Manager, F5 Nginx Instance Manager, F5 Nginx Security Monitoring.