CVE-2023-51708

HIGH Year: 2023
CVSS v3 Score
8.6
High
Weakness Type
CWE-287
View all →

Vulnerability Description

Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25.

Related Vulnerabilities

CVE-2017-6062

HIGH
CVSS:8.6(High)

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDC...

CWE-2872017

CVE-2017-6413

HIGH
CVSS:8.6(High)

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "Auth...

CWE-2872017

CVE-2018-2449

HIGH
CVSS:8.6(High)

SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality t...

CWE-2872018

CVE-2019-3654

HIGH
CVSS:8.6(High)

Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for...

CWE-2872019

CVE-2019-6521

HIGH
CVSS:8.6(High)

WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.

CWE-2872019

CVE-2020-3944

HIGH
CVSS:8.6(High)

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker w...

CWE-2872020