CVE-2023-52096

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 26, 2023
Updated: Jan 4, 2024
CWE ID 89

Summary

CVE-2023-52096 is a vulnerability that affects SteVe Community ocpp-jaxb before version 0.0.8. It generates invalid timestamps, such as those with a month of 00, in certain situations. This vulnerability can be exploited when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000. The impact of this vulnerability is the potential for a SQL exception in applications and the compromise of transaction record integrity. This vulnerability has a high base severity rating, with a base score of 7.5 and high confidentiality impact. The exploitability score is 3.9, indicating it is relatively easy to exploit, and the attack vector is through the network. No privileges are required for exploitation, and no user interaction is needed. The remediation for this vulnerability would involve upgrading to a version of SteVe Community ocpp-jaxb that is after 0.0.8 when it becomes available.

Note: The information provided here is based on the given text and does not reflect any external sources or additional research beyond what was provided in the text snippet.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-52096 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options