How severe is CVE-2023-22326?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2023-22326?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2023-22326 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Related Vulnerabilities

CVE-2017-18875

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.

CWE-7322017

CVE-2017-18876

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.

CWE-7322017

CVE-2018-13025

MEDIUM

CVSS:4.9(Medium)

protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter.

CWE-7322018

CVE-2018-14886

MEDIUM

CVSS:4.9(Medium)

The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read...

CWE-7322018

CVE-2018-20420

MEDIUM

CVSS:4.9(Medium)

In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directo...

CWE-7322018

CVE-2019-3893

MEDIUM

CVSS:4.9(Medium)

In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resourc...

CWE-7322019