CVE-2023-1663

Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible.5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)
Forced Browsing
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
SNPSCNA
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
synopsyscoverity
𝑥
< 2023.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.synopsys.com/s/article/Mitigation-for-Coverity-Platforms-Exposure-to-CVE-2023-1663
https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-1663-Affecting-Coverity-Platform
https://community.synopsys.com/s/article/Mitigation-for-Coverity-Platforms-Exposure-to-CVE-2023-1663
https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-1663-Affecting-Coverity-Platform