ByteOS Network

Vulnerability Details :

CVE-2023-23464

Summary

Assigner-INCD

Assigner Org ID-a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f

Published At-15 Feb, 2023 | 00:00

Updated At-19 Mar, 2025 | 16:04

Media CP Media Control Panel – Information Disclosure

Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:INCD

Assigner Org ID:a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f

Published At:15 Feb, 2023 | 00:00

Updated At:19 Mar, 2025 | 16:04

▼CVE Numbering Authority (CNA)

Media CP Media Control Panel – Information Disclosure

Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure.

Affected Products

Vendor

Media CP

Product

Media Control Panel

Versions

Affected

From all versions before Update to the latest version (custom)

Problem Types

Type	CWE ID	Description
text	N/A	Information disclosure

Type: text

CWE ID: N/A

Description: Information disclosure

Metrics

Version	Base score	Base severity	Vector
3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Credits

Moriel Harush

References

Hyperlink	Resource
https://www.gov.il/en/Departments/faq/cve_advisories	N/A

Hyperlink: https://www.gov.il/en/Departments/faq/cve_advisories

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.gov.il/en/Departments/faq/cve_advisories	x_transferred

Hyperlink: https://www.gov.il/en/Departments/faq/cve_advisories

Resource:

x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-942	CWE-942 Permissive Cross-domain Policy with Untrusted Domains

Type: CWE

CWE ID: CWE-942

Description: CWE-942 Permissive Cross-domain Policy with Untrusted Domains

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@cyber.gov.il

Published At:15 Feb, 2023 | 19:15

Updated At:19 Mar, 2025 | 16:15

Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

mediacp>>media_control_panel>>2.13.1

cpe:2.3:a:mediacp:media_control_panel:2.13.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-942	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-942

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://www.gov.il/en/Departments/faq/cve_advisories	cna@cyber.gov.il	Third Party Advisory
https://www.gov.il/en/Departments/faq/cve_advisories	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory

Hyperlink: https://www.gov.il/en/Departments/faq/cve_advisories

Source: cna@cyber.gov.il

Resource:

Third Party Advisory

Hyperlink: https://www.gov.il/en/Departments/faq/cve_advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

Similar CVEs

5Records found

CVE-2023-23467

Matching Score-8

Assigner-Israel National Cyber Directorate (INCD)

View Details

Matching Score-8

Assigner-Israel National Cyber Directorate (INCD)

CVSS Score-8.1||HIGH

EPSS-0.09% / 26.10%

7 Day CHG~0.00%

Published-15 Feb, 2023 | 00:00

Updated-19 Mar, 2025 | 16:02

Media CP Media Control Panel – Reflected XSS

Media CP Media Control Panel latest version. Reflected XSS possible through unspecified endpoint.

Vendor-mediacp Media CP

Product-media_control_panel Media Control Panel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2360

Matching Score-4

Assigner-Acronis International GmbH

View Details

Matching Score-4

Assigner-Acronis International GmbH

CVSS Score-3.1||LOW

EPSS-0.20% / 41.97%

7 Day CHG~0.00%

Published-28 Apr, 2023 | 11:10

Updated-30 Jan, 2025 | 17:11

Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135.

Vendor-Acronis (Acronis International GmbH)

Product-cyber_infrastructure Acronis Cyber Infrastructure

CWE ID-CWE-942

Permissive Cross-domain Policy with Untrusted Domains

CVE-2024-22348

Matching Score-4

Assigner-IBM Corporation

View Details

Matching Score-4

Assigner-IBM Corporation

CVSS Score-5.3||MEDIUM

EPSS-0.06% / 19.31%

7 Day CHG+0.01%

Published-20 Jan, 2025 | 17:40

Updated-14 Aug, 2025 | 17:05

IBM UrbanCode Velocity cross-origin resource sharing

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.

Vendor-IBM Corporation

Product-devops_velocity urbancode_velocity DevOps Velocity UrbanCode Velocity

CWE ID-CWE-942

Permissive Cross-domain Policy with Untrusted Domains

CVE-2022-47717

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.08% / 25.46%

7 Day CHG~0.00%

Published-01 Feb, 2023 | 00:00

Updated-27 Mar, 2025 | 15:15

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).

Vendor-lastyard n/a

Product-last_yard n/a

CWE ID-CWE-942

Permissive Cross-domain Policy with Untrusted Domains

CVE-2025-25234

Matching Score-4

Assigner-de5a6978-88fe-4c27-a7df-d0d5b52d5b52

View Details

Matching Score-4

Assigner-de5a6978-88fe-4c27-a7df-d0d5b52d5b52

CVSS Score-7.1||HIGH

EPSS-0.05% / 16.30%

7 Day CHG~0.00%

Published-17 Apr, 2025 | 14:58

Updated-21 Apr, 2025 | 18:35

Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks.

Vendor-omnissa Omnissa

Product-unified_access_gateway Omnissa Unified Access Gateway (UAG)

CWE ID-CWE-942

Permissive Cross-domain Policy with Untrusted Domains

CVE-2023-23464

Credits

Media CP Media Control Panel – Information Disclosure

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs