Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-4094
PUBLISHED
More InfoOfficial Page
Assigner-INCIBE
Assigner Org ID-0cbda920-cd7f-484a-8e76-bf7f4b7f4516
View Known Exploited Vulnerability (KEV) details
Published At-19 Sep, 2023 | 13:15
Updated At-25 Sep, 2024 | 15:31
Rejected At-
▼CVE Numbering Authority (CNA)
Weak authentication vulnerability in Fujitsu Arconte Áurea

ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form.

Affected Products
Vendor
Fujitsu LimitedFujitsu
Product
Arconte Áurea
Default Status
unaffected
Versions
Affected
  • From 0 before 1.5.0.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-1390CWE-1390: Weak Authentication
Type: CWE
CWE ID: CWE-1390
Description: CWE-1390: Weak Authentication
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

This vulnerabilities have been fixed by Fujitsu in version 1.5.0.0, released on 4/4/2022. All new versions of the product, including the latest 1.6.2.3, also include the fixes.

Configurations
Workarounds
Exploits
Credits
finder
Pablo Arias Rodriguez and Jorge Alberto Palma Reyes, members of CSIRT-CV
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea
N/A
Hyperlink: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea
x_transferred
Hyperlink: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found