How severe is CVE-2023-22501?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.4 out of 10.

What type of vulnerability is CVE-2023-22501?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2023-22501

CRITICAL Year: 2023

CVSS v3 Score

9.4

Critical

Weakness Type

CWE-287

View all →

Vulnerability Description

An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.

CVE-2017-14000

CRITICAL

CVSS:9.4(Critical)

An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a mali...

CWE-2872017

CVE-2017-9630

CRITICAL

CVSS:9.4(Critical)

An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpre...

CWE-2872017

CVE-2018-14786

CRITICAL

CVSS:9.4(Critical)

Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulne...

CWE-2872018

CVE-2023-1935

CRITICAL

CVSS:9.4(Critical)

ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition...

CWE-2872023

CVE-2023-6353

CRITICAL

CVSS:9.4(Critical)

Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.

CWE-2872023

CVE-2023-6354

CRITICAL

CVSS:9.4(Critical)

Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.

CWE-2872023

CVE-2023-22501

Vulnerability Description

Related Vulnerabilities

CVE-2017-14000

CVE-2017-9630

CVE-2018-14786

CVE-2023-1935

CVE-2023-6353

CVE-2023-6354