How severe is CVE-2023-40037?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-40037?

This is classified as CWE-184, which is a common weakness in software security.

CVE-2023-40037 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.

Related Vulnerabilities

CVE-2021-31370

MEDIUM

CVSS:6.5(Medium)

An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker whi...

CWE-1842021

CVE-2024-20278

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper...

CWE-1842024

CVE-2025-1484

MEDIUM

CVSS:6.5(Medium)

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An att...

CWE-1842025

CVE-2023-45593

MEDIUM

CVSS:6.8(Medium)

A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacke...

CWE-1842023

CVE-2022-38179

MEDIUM

CVSS:6.1(Medium)

JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack

CWE-1842022

CVE-2023-23844

HIGH

CVSS:7.2(High)

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands wi...

CWE-1842023