CVE-2023-6904

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 17, 2023

Updated: May 17, 2024

CWE ID 352

Summary

CVE-2023-6904 is a newly identified vulnerability affecting Jahastech NxFilter 4.3.2.5. The issue resides in the /config,admin.jsp file and involves a cross-site request forgery (CSRF) issue. The CSRF vulnerability can be triggered by manipulating the argument admin_name, which results in unauthorized requests. This attack can be executed remotely, making it a significant security concern. No response has been received from the vendor regarding this disclosure, and the VDB-248266 identifier has been assigned to this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t1QM8e
https://www.cve.org/CVERecord?id=CVE-2023-6904
https://nvd.nist.gov/vuln/detail/CVE-2023-6904

Back to Vulnerability Database

CVE-2023-6904

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations