CVSS 3.1 Score 6.7 of 10 (medium)


Published Oct 3, 2023
Updated: Mar 1, 2024
CWE ID 200


CVE-2023-4886 is a vulnerability classified as "Information Exposure" with a base severity rating of MEDIUM. It affects the product "foreman" and has a risk score of 10. The vulnerability allows sensitive information, specifically passwords to candlepin's keystore and truststore, to be exposed as the tomcat's server.xml file is found to be world readable. The potential danger it poses to an organization is high, with a confidentiality impact and integrity impact rated as HIGH. The vulnerability can be exploited locally and requires high privileges. Organizations should remediate this vulnerability by securing access to the server.xml file and ensuring that sensitive information is not exposed.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-4886 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options