cbcvebase.
CVE-2023-4400
published 2023-09-13

CVE-2023-4400: A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release…

PriorityP340medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.30%
21.6th percentile
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was possible due to SWG storing the password in plain text in some configuration files.

Affected

6 ranges
VendorProductVersion rangeFixed in
skyhigh_securityskyhigh_secure_web_gateway>= 10.x < 10.2.2510.2.25
skyhigh_securityskyhigh_secure_web_gateway>= 11.x < 11.2.1411.2.14
skyhigh_securityskyhigh_secure_web_gateway>= 12.x < 12.2.112.2.1
skyhighsecuritysecure_web_gateway>= 10.0.0 < 10.2.2510.2.25
skyhighsecuritysecure_web_gateway>= 11.0.0 < 11.2.1411.2.14
skyhighsecuritysecure_web_gateway>= 12.0.0 < 12.2.112.2.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.