How severe is CVE-2023-2638?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2023-2638?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2023-2638

MEDIUM Year: 2023

CVSS v3 Score

5.0

Medium

Weakness Type

CWE-287

View all →

Vulnerability Description

Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited.

CVE-2020-4205

MEDIUM

CVSS:5.0(Medium)

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have bee...

CWE-2872020

CVE-2023-0264

MEDIUM

CVSS:5.0(Medium)

A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the sam...

CWE-2872023

CVE-2023-21307

MEDIUM

CVSS:5.0(Medium)

In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure ...

CWE-2872023

CVE-2023-3597

MEDIUM

CVSS:5.0(Medium)

A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to reg...

CWE-2872023

CVE-2018-1987

MEDIUM

CVSS:5.1(Medium)

IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID:...

CWE-2872018

CVE-2018-4856

MEDIUM

CVSS:4.9(Medium)

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitim...

CWE-2872018

CVE-2023-2638

Vulnerability Description

Related Vulnerabilities

CVE-2020-4205

CVE-2023-0264

CVE-2023-21307

CVE-2023-3597

CVE-2018-1987

CVE-2018-4856