Vulnerability Description
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bladex | Springblade | <= 3.6.0 |
Related Weaknesses (CWE)
References
- https://gist.github.com/kaliwin/89276ec7e97f9529c989bd77706c29c7Third Party Advisory
- https://github.com/chillzhuang/SpringBladeProduct
- https://github.com/chillzhuang/SpringBlade/blob/master/blade-gateway/src/main/jaExploit
- https://gist.github.com/kaliwin/89276ec7e97f9529c989bd77706c29c7Third Party Advisory
- https://github.com/chillzhuang/SpringBladeProduct
- https://github.com/chillzhuang/SpringBlade/blob/master/blade-gateway/src/main/jaExploit
FAQ
What is CVE-2023-40788?
CVE-2023-40788 is a vulnerability with a CVSS score of 5.3 (MEDIUM). SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs
How severe is CVE-2023-40788?
CVE-2023-40788 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-40788?
Check the references section above for vendor advisories and patch information. Affected products include: Bladex Springblade.