VDB
CVE-2023-4807
CVE-2023-4807
PUBLISHED
CVSS 8.699999809265137 HIGH
Es bestehen mehrere Schwachstellen im Dell BIOS. Dieser Fehler besteht in der OpenSSL Drittanbieter-Komponente, da die MAC-Implementierung (Message Authentication Code) einen Fehler enthält, der den internen Status von Anwendungen beschädigen kann. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand zu verursachen.
EPSS 0.73% · 73.0th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.73%
73.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle PeopleSoft 8.60 | |
| IBM | IBM Rational Build Forge 8.0.0.24 | |
| Dell | Dell NetWorker <19.13 | |
| Open Source | Open Source OpenSSL <=3.0.10 | |
| Open Source | Open Source OpenSSL <=1.1.1v | |
| Oracle | Oracle PeopleSoft 8.61 | |
| Hitachi | Hitachi Ops Center API Configuration Manager | |
| Open Source | Open Source OpenSSL <1.1.1w | |
| IBM | IBM DataPower Gateway <10.5.3 | |
| IBM | IBM DataPower Gateway <10.5.0.8 | |
| Tenable Security | Tenable Security Nessus <10.6.2 | |
| Juniper | Juniper JUNOS | |
| Dell | Dell NetWorker <19.11.0.6 | |
| Dell | Dell NetWorker <19.11.0.5 | |
| IBM | IBM Rational ClearCase 10.0.1 | |
| Tenable Security | Tenable Security Nessus <10.5.6 | |
| Dell | Dell PowerEdge T40 <1.15.0 | |
| Oracle | Oracle PeopleSoft 9.2 | |
| Dell | Dell NetWorker <19.13.0.2 | |
| IBM | IBM Spectrum Protect Plus <10.1.17 |
…and 9 more
Exploit Intelligence
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
Timeline
- Sep 8, 2023 CVE Published
- Sep 9, 2023 EPSS Score
- Sep 21, 2023 CVE Updated
- Oct 12, 2023 EPSS Score
- Dec 16, 2023 EPSS Score
- Jan 17, 2024 EPSS Score
- Mar 22, 2024 EPSS Score
- Apr 24, 2024 EPSS Score
- May 26, 2024 EPSS Score
- Jul 30, 2024 EPSS Score
- Sep 1, 2024 EPSS Score
- Oct 3, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0053.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0053 advisory
- https://www.dell.com/support/kbdoc/en-us/000220797/dsa-2024-036 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0893.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0893 advisory
- https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixPS advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1591.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1591 advisory
- https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=100&f:ctype=%5BSecurity%20Advisories%5D advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2298.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2298 advisory
- https://www.openssl.org/news/secadv/20230908.txt advisory
- https://www.openssl.org/news/openssl-1.1.1-notes.html advisory
- https://de.tenable.com/security/tns-2023-34 advisory
- https://de.tenable.com/security/tns-2023-37 advisory
- https://de.tenable.com/security/tns-2023-36 advisory
- https://www.ibm.com/support/pages/node/7082717 advisory
- https://www.ibm.com/support/pages/node/7096532 advisory
- https://www.dell.com/support/kbdoc/000222226/dsa-2024-= advisory
- https://www.ibm.com/support/pages/node/7130799 advisory
…and 7 more