CVE-2023-28362
PUBLISHED
CVSS 9.3 CRITICAL
Multiple vulnerabilities exist in genua genucenter and in third-party components it uses (curl, libxml, sudo and Ruby). Through manipulated requests to the system, an attacker can disclose information, manipulate files, carry out cross-site scripting attacks or cause other unspecified effects.
EPSS 0.22% · 45.2th percentile
Risk Scores
CVSS v4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.22%
45.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Source | Open Source Ruby on Rails | <7.0.5.1 |
| Debian | Debian Linux | |
| Red Hat | Red Hat Enterprise Linux | |
| IBM | IBM License Metric Tool | 9.2 |
| SUSE | SUSE Linux | |
| Open Source | Open Source Ruby on Rails | <6.1.7.4 |
| IBM | IBM License Metric Tool | <9.2.33 |
Timeline
- CVE Published
- Jul 28, 2023 PoC Published
- Jan 9, 2025 EPSS Score
- Jan 9, 2025 PoC Published
- Jan 9, 2025 PoC Published
- Jan 9, 2025 PoC Published
- Jan 9, 2025 PoC Published
- Jan 9, 2025 PoC Published
- Jan 25, 2025 EPSS Score
- Feb 9, 2025 EPSS Score
- Feb 25, 2025 EPSS Score
- Mar 13, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1577.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1577 advisory
- https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-August/015808.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-August/015832.html advisory
- https://www.ibm.com/support/pages/node/7037764 advisory
- https://www.ibm.com/support/pages/node/1126755 advisory
- https://access.redhat.com/errata/RHSA-2023:7851 advisory
- https://lists.debian.org/debian-security-announce/2025/msg00043.html advisory
- https://lists.debian.org/debian-lts-announce/2025/11/msg00026.html advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2101.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2101 advisory
- https://kunde.genua.de/nc/suche/view/neuer-patch-genucenter-80p6-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0&tx_genusupport_content%5BsearchTerm%5D=&tx_genusupport_content%5BforcePath%5D=&tx_genusupport_content%5Baction%5D=genuSupportSearch&tx_genusupport_content%5Bcontroller%5D=Content advisory