CVE-2023-4093 (GCVE-0-2023-4093)
Vulnerability from cvelistv5
Published
2023-09-19 13:00
Modified
2024-09-06 14:12
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.
References
Impacted products
Vendor Product Version
Fujitsu Arconte Áurea Version: 0   < 1.5.0.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:17:11.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4093",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-06T14:07:20.199662Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-06T14:12:35.915Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Arconte \u00c1urea",
          "vendor": "Fujitsu ",
          "versions": [
            {
              "lessThan": "1.5.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Pablo Arias Rodriguez and Jorge Alberto Palma Reyes, members of CSIRT-CV"
        }
      ],
      "datePublic": "2023-09-01T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Reflected and persistent XSS vulnerability in Arconte \u00c1urea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim\u0027s browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user."
            }
          ],
          "value": "Reflected and persistent XSS vulnerability in Arconte \u00c1urea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim\u0027s browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-19T13:00:27.476Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This vulnerabilities have been fixed by Fujitsu in version 1.5.0.0, released on 4/4/2022. All new versions of the product, including the latest 1.6.2.3, also include the fixes."
            }
          ],
          "value": "This vulnerabilities have been fixed by Fujitsu in version 1.5.0.0, released on 4/4/2022. All new versions of the product, including the latest 1.6.2.3, also include the fixes."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Reflected and persistent XSS vulnerability in Fujitsu Arconte \u00c1urea",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2023-4093",
    "datePublished": "2023-09-19T13:00:27.476Z",
    "dateReserved": "2023-08-02T11:05:15.557Z",
    "dateUpdated": "2024-09-06T14:12:35.915Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4093\",\"sourceIdentifier\":\"cve-coordination@incibe.es\",\"published\":\"2023-09-19T14:15:22.177\",\"lastModified\":\"2024-11-21T08:34:22.607\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Reflected and persistent XSS vulnerability in Arconte \u00c1urea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim\u0027s browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad XSS reflejada y persistente en Arconte \u00c1urea, en su versi\u00f3n 1.5.0.0. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante inyectar c\u00f3digo JavaScript malicioso, comprometer el navegador de la v\u00edctima y tomar el control del mismo, redirigir al usuario a dominios maliciosos o acceder a informaci\u00f3n que est\u00e1 viendo el usuario leg\u00edtimo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.1,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:arconte_aurea:1.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5718D4D2-D570-4848-A1BA-031A0E8C548A\"}]}]}],\"references\":[{\"url\":\"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:17:11.871Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4093\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-06T14:07:20.199662Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-06T14:12:29.657Z\"}}], \"cna\": {\"title\": \"Reflected and persistent XSS vulnerability in Fujitsu Arconte \\u00c1urea\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Pablo Arias Rodriguez and Jorge Alberto Palma Reyes, members of CSIRT-CV\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Fujitsu \", \"product\": \"Arconte \\u00c1urea\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.5.0.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"This vulnerabilities have been fixed by Fujitsu in version 1.5.0.0, released on 4/4/2022. All new versions of the product, including the latest 1.6.2.3, also include the fixes.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"This vulnerabilities have been fixed by Fujitsu in version 1.5.0.0, released on 4/4/2022. All new versions of the product, including the latest 1.6.2.3, also include the fixes.\", \"base64\": false}]}], \"datePublic\": \"2023-09-01T10:00:00.000Z\", \"references\": [{\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Reflected and persistent XSS vulnerability in Arconte \\u00c1urea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim\u0027s browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Reflected and persistent XSS vulnerability in Arconte \\u00c1urea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim\u0027s browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"shortName\": \"INCIBE\", \"dateUpdated\": \"2023-09-19T13:00:27.476Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-4093\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-06T14:12:35.915Z\", \"dateReserved\": \"2023-08-02T11:05:15.557Z\", \"assignerOrgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"datePublished\": \"2023-09-19T13:00:27.476Z\", \"assignerShortName\": \"INCIBE\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.