How severe is CVE-2023-32173?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.8 out of 10.

What type of vulnerability is CVE-2023-32173?

This is classified as CWE-91, which is a common weakness in software security.

CVE-2023-32173 - MEDIUM Severity | CVSS 5.8

Vulnerability Description

Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the implementation of the AddServer method. By specifying crafted arguments, an attacker can cause invalid characters to be inserted into an XML configuration file. An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the system. . Was ZDI-CAN-20576.

Related Vulnerabilities

CVE-2020-4774

MEDIUM

CVSS:5.4(Medium)

An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker ...

CWE-912020

CVE-2016-2932

MEDIUM

CVSS:5.3(Medium)

IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors.

CWE-912016

CVE-2022-22244

MEDIUM

CVSS:5.3(Medium)

An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to o...

CWE-912022

CVE-2022-25356

MEDIUM

CVSS:5.3(Medium)

Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection.

CWE-912022

CVE-2023-35858

MEDIUM

CVSS:5.3(Medium)

XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information.

CWE-912023

CVE-2024-33858

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will...

CWE-912024