CVE-2023-29065: Overly Permissive Access Policy
First published: Tue Nov 28 2023(Updated: )
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.
Credit: cybersecurity@bd.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| Bd Facschorus | =5.0 | |
| Bd Facschorus | =5.1 | |
| Hp Hp Z2 Tower G9 | ||
| All of | ||
| Any of | ||
| Bd Facschorus | =3.0 | |
| Bd Facschorus | =3.1 | |
| Hp Hp Z2 Tower G5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-29065?
CVE-2023-29065 is a vulnerability that allows a threat actor with physical access to gain credentials and potentially alter or destroy data in the FACSChorus software database.
What software versions are affected by CVE-2023-29065?
The affected software versions are Bd Facschorus 5.0 and 5.1.
Is Hp Hp Z2 Tower G9 vulnerable to CVE-2023-29065?
No, Hp Hp Z2 Tower G9 is not vulnerable to CVE-2023-29065.
What is the severity of CVE-2023-29065?
The severity of CVE-2023-29065 is medium, with a CVSS score of 4.1.
How can I fix CVE-2023-29065?
To fix CVE-2023-29065, it is recommended to implement proper access controls and restrict direct database access.
- collector/mitre-cve
- collector/nvd-api
- agent/title
- agent/severity
- agent/author
- agent/type
- vendor/bd
- canonical/bd facschorus
- version/bd facschorus/5.0
- version/bd facschorus/5.1
- vendor/hp
- canonical/hp hp z2 tower g9
- version/bd facschorus/3.0
- version/bd facschorus/3.1
- canonical/hp hp z2 tower g5