{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T22:45:21.218","vulnerabilities":[{"cve":{"id":"CVE-2023-4101","sourceIdentifier":"cve-coordination@incibe.es","published":"2023-10-03T12:15:10.973","lastModified":"2024-11-21T08:34:23.653","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application."},{"lang":"es","value":"El SSO de inicio de sesión de QSige no tiene un mecanismo de control de acceso para verificar si el usuario que solicita un recurso tiene permisos suficientes para hacerlo. Como requisito previo, es necesario iniciar sesión en la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qsige:qsige:3.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5BBAF4E7-336E-4D97-BECC-0C4349F37377"}]}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-idm-sistemas-qsige","source":"cve-coordination@incibe.es","tags":["Third Party Advisory"]},{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-idm-sistemas-qsige","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}