CVE-2023-4400
MEDIUM
Skyhigh Secure Web Gateway <11.2.14,10.2.25,12.2.1 - Info Disclosure
Title source: llm
Description
A password management vulnerability in Skyhigh Secure Web Gateway (SWG), in main releases 11.x prior to 11.2.14 and 10.x prior to 10.2.25 and in controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through the SWG REST API. This was possible because SWG stored the password in plain text in some configuration files.
References (2)
Core References
Third Party Advisory
https://github.com/advisories/GHSA-qggp-c2rq-6x65
Scores
CVSS v3
6.2
EPSS
0.0030
EPSS Percentile
21.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-312
CWE-256
Status
published
Products (1)
skyhighsecurity/secure_web_gateway
10.0.0 - 10.2.25
Published
Sep 13, 2023
Tracked Since
Feb 18, 2026