CVE-2023-6904

Name of the Vulnerable Software and Affected Versions Jahastech NxFilter version 4.3.2.5

Description A problematic vulnerability was found in Jahastech NxFilter, affecting the file /config,admin.jsp. The manipulation of the admin name argument leads to cross-site request forgery. The attack can be initiated remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For Jahastech NxFilter version 4.3.2.5, as a temporary workaround, consider restricting access to the /config,admin.jsp file until a patch is available. Avoid using the admin name argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.