CVE-2023-1663


Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible.

5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)


Published

2023-03-29T14:15:07.453

Last Modified

2024-11-21T07:39:38.663

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-425
  • Type: Primary
    CWE-425

Affected Vendors & Products
Type         Vendor    Product   Version/Range  Vulnerable?
Application  synopsys  coverity  < 2023.3.2     Yes

References