CVE-2023-4400
published 2023-09-13CVE-2023-4400: A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release…
PriorityP340medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.30%
21.6th percentile
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was possible due to SWG storing the password in plain text in some configuration files.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| skyhigh_security | skyhigh_secure_web_gateway | >= 10.x < 10.2.25 | 10.2.25 |
| skyhigh_security | skyhigh_secure_web_gateway | >= 11.x < 11.2.14 | 11.2.14 |
| skyhigh_security | skyhigh_secure_web_gateway | >= 12.x < 12.2.1 | 12.2.1 |
| skyhighsecurity | secure_web_gateway | >= 10.0.0 < 10.2.25 | 10.2.25 |
| skyhighsecurity | secure_web_gateway | >= 11.0.0 < 11.2.14 | 11.2.14 |
| skyhighsecurity | secure_web_gateway | >= 12.0.0 < 12.2.1 | 12.2.1 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-09-13
Published