CVE-2023-7240

MEDIUM

OpenText NetIQ Identity Console 1.0.0-1.7.0 - Unauthenticated Server-Side Request Forgery via Login Panel Server Field

Title source: llm

Description

An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggering connection to arbitrary address.

References (1)

Core 1

Core References

Various Sources

https://www.netiq.com/documentation/identity-console/identity_console1720000_releasenotes/data/identity_console1720000_releasenotes.html

Scores

CVSS v3 5.8

EPSS 0.0038

EPSS Percentile 29.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (1)

OpenText/NetIQ Identity Console 1.0.0 - 1.7.1

Published May 07, 2024

Tracked Since Feb 18, 2026