How severe is CVE-2023-20136?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-20136?

This is classified as CWE-648, which is a common weakness in software security.

CVE-2023-20136 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper role-based access control (RBAC) of certain OpenAPI operations. An attacker could exploit this vulnerability by issuing a crafted OpenAPI function call with valid credentials. A successful exploit could allow the attacker to execute OpenAPI operations that are reserved for the Administrator user, including the creation and deletion of user labels.

Related Vulnerabilities

CVE-2020-7927

MEDIUM

CVSS:6.5(Medium)

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions...

CWE-6482020

CVE-2024-46978

MEDIUM

CVSS:6.5(Medium)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, ...

CWE-6482024

CVE-2024-53007

MEDIUM

CVSS:6.4(Medium)

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call.

CWE-6482024

CVE-2022-24073

HIGH

CVSS:7.1(High)

The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.

CWE-6482022

CVE-2023-29507

HIGH

CVSS:7.2(High)

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in...

CWE-6482023

CVE-2023-4009

HIGH

CVSS:7.2(High)

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges...

CWE-6482023