CVE-2023-1663
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Summary
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Synopsys | Coverity | 0 <= 2023.3.1 | affected |
Weaknesses
- CWE-425: CWE-425 Direct Request ('Forced Browsing')
ADP Enrichment
CVE Program Container
Additional References
- https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-1663-Affecting-Coverity-Platform
- https://community.synopsys.com/s/article/Mitigation-for-Coverity-Platforms-Exposure-to-CVE-2023-1663
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-1663-Affecting-Coverity-Platform
- https://community.synopsys.com/s/article/Mitigation-for-Coverity-Platforms-Exposure-to-CVE-2023-1663
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.