How severe is CVE-2023-42768?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2023-42768?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2023-42768 - HIGH Severity | CVSS 7.2

Vulnerability Description

When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Related Vulnerabilities

CVE-2020-13302

HIGH

CVSS:7.2(High)

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a us...

CWE-6132020

CVE-2022-31050

HIGH

CVSS:7.2(High)

TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even...

CWE-6132022

CVE-2017-6145

HIGH

CVSS:7.3(High)

iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cooki...

CWE-6132017

CVE-2019-9269

HIGH

CVSS:7.3(High)

In System Settings, there is a possible permissions bypass due to a cached Linux user ID. This could lead to a local permissions bypass with no additional execution privileges needed. User interaction...

CWE-6132019

CVE-2023-38489

HIGH

CVSS:7.3(High)

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are di...

CWE-6132023

CVE-2024-36041

HIGH

CVSS:7.3(High)

KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This all...

CWE-6132024