CVE-2023-46749 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-46749 PUBLISHED CVSS 6.5 MEDIUM

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).

EPSS 0.15% · 35.7th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Score

0.15%

35.7th percentile

Affected Products

Vendor	Product	Versions
Maven	org.apache.shiro:shiro-core	0, 2.0.0alpha1
Apache Software Foundation	Apache Shiro	2.0.0-alpha-1, 0
apache	shiro	2.0.0, 0, 2.0.0

Timeline

Jan 15, 2024 CVE Published
Jan 17, 2024 EPSS Score
Feb 13, 2024 EPSS Score
Mar 12, 2024 EPSS Score
May 6, 2024 EPSS Score
Jun 2, 2024 EPSS Score
Jun 30, 2024 EPSS Score
Jul 27, 2024 EPSS Score
Aug 24, 2024 EPSS Score
Oct 18, 2024 EPSS Score
Nov 14, 2024 EPSS Score
Dec 13, 2024 EPSS Score

References

https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm vendor-advisory
https://security.netapp.com/advisory/ntap-20241108-0002/ url
https://security.netapp.com/advisory/ntap-20241108-0001/ advisory
https://www.ibm.com/support/pages/node/7156941 advisory
https://www.ibm.com/support/pages/node/7158537 advisory
https://www.ibm.com/support/pages/node/7157712 advisory
https://www.ibm.com/support/pages/node/7158652 advisory
https://www.ibm.com/support/pages/node/7158539 advisory
https://www.ibm.com/support/pages/node/7158762 advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-46749 advisory
https://security.netapp.com/advisory/ntap-20241108-0002 url

Open in Interactive Console →