How severe is CVE-2023-49792?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-49792?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2023-49792 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them executing authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available.

Related Vulnerabilities

CVE-1999-1324

CRITICAL

CVSS:9.8(Critical)

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which ma...

CWE-3071999

CVE-2001-0395

CRITICAL

CVSS:9.8(Critical)

Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.

CWE-3072001

CVE-2001-1291

CRITICAL

CVSS:9.8(Critical)

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the serv...

CWE-3072001

CVE-2001-1339

CRITICAL

CVSS:9.8(Critical)

Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password gue...

CWE-3072001

CVE-2013-4441

CRITICAL

CVSS:9.8(Critical)

The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CWE-3072013

CVE-2016-9124

CRITICAL

CVSS:9.8(Critical)

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown f...

CWE-3072016