CVE-2023-29476

CRITICAL

Menlo On-Premise Appliance <2.88 - Info Disclosure

Title source: llm

Description

In Menlo On-Premise Appliance before 2.88, web policy may not be consistently applied properly to intentionally malformed client requests. This is fixed in 2.88.2+, 2.89.1+, and 2.90.1+.

References (1)

[Various Sources] https://www.menlosecurity.com/published-security-vulnerabilities

Scores

CVSS v3 9.1

EPSS 0.0011

EPSS Percentile 28.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-444

Status published

Published Dec 14, 2024

Tracked Since Feb 18, 2026