CVE-2023-28077 - Vulnerability Details - OpenCVE

Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Bsafe Ssl-j

Configuration 1 [-]

OR	cpe:2.3:a:dell:bsafe_ssl-j::::::::
	cpe:2.3:a:dell:bsafe_ssl-j::::::::

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-02-10T03:11:28.614Z

Updated: 2024-08-02T12:30:23.953Z

Reserved: 2023-03-10T05:10:02.997Z

Link: CVE-2023-28077

Vulnrichment

Updated: 2024-08-02T12:30:23.953Z

NVD

Status : Modified

Published: 2024-02-10T03:15:07.680

Modified: 2024-11-21T07:54:21.373

Link: CVE-2023-28077

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28077", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-03-10T05:10:02.997Z", "datePublished": "2024-02-10T03:11:28.614Z", "dateUpdated": "2024-08-02T12:30:23.953Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Dell BSAFE SSL-J\t", "vendor": "Dell", "versions": [{"lessThanOrEqual": "6.5", "status": "affected", "version": "6.0.x", "versionType": "semver"}, {"lessThanOrEqual": "7.1", "status": "affected", "version": "7.0", "versionType": "semver"}]}], "datePublic": "2023-05-19T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. </span>\n\n"}], "value": "\nDell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. \n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1295", "description": "CWE-1295: Debug Messages Revealing Unnecessary Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-02-10T03:11:28.614Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28077", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-12T13:35:02.561559Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:20:50.452Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:30:23.953Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:30:23.953Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28077", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-12T13:35:02.561559Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:36.973Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "Dell BSAFE SSL-J\t", "versions": [{"status": "affected", "version": "6.0.x", "versionType": "semver", "lessThanOrEqual": "6.5"}, {"status": "affected", "version": "7.0", "versionType": "semver", "lessThanOrEqual": "7.1"}], "defaultStatus": "unaffected"}], "datePublic": "2023-05-19T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nDell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. \n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. </span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1295", "description": "CWE-1295: Debug Messages Revealing Unnecessary Information"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-02-10T03:11:28.614Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28077", "state": "PUBLISHED", "dateUpdated": "2024-08-02T12:30:23.953Z", "dateReserved": "2023-03-10T05:10:02.997Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2024-02-10T03:11:28.614Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", "matchCriteriaId": "83A641BB-542A-404B-9B5C-4356F2F55EF5", "versionEndExcluding": "6.5.1", "versionStartIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6EBF250-3157-40DE-A73A-3F331897DBFE", "versionEndExcluding": "7.1.1", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nDell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. \n\n"}, {"lang": "es", "value": "Dell BSAFE SSL-J, versiones anteriores a 6.5 y versiones 7.0 y 7.1 contienen un mensaje de depuraci\u00f3n que revela una vulnerabilidad de informaci\u00f3n innecesaria. Esto puede llevar a revelar informaci\u00f3n confidencial a un usuario con privilegios locales."}], "id": "CVE-2023-28077", "lastModified": "2024-11-21T07:54:21.373", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-10T03:15:07.680", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1295"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}