8.8

CVE-2023-39546

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NecExpresscluster X Version1.0 SwPlatformlinux
NecExpresscluster X Version1.0 SwPlatformwindows
NecExpresscluster X Version2.0 SwPlatformlinux
NecExpresscluster X Version2.0 SwPlatformwindows
NecExpresscluster X Version2.1 SwPlatformlinux
NecExpresscluster X Version2.1 SwPlatformwindows
NecExpresscluster X Version3.0 SwPlatformlinux
NecExpresscluster X Version3.0 SwPlatformwindows
NecExpresscluster X Version3.1 SwPlatformlinux
NecExpresscluster X Version3.1 SwPlatformwindows
NecExpresscluster X Version3.2 SwPlatformlinux
NecExpresscluster X Version3.2 SwPlatformwindows
NecExpresscluster X Version3.3 SwPlatformlinux
NecExpresscluster X Version3.3 SwPlatformwindows
NecExpresscluster X Version4.0 SwPlatformlinux
NecExpresscluster X Version4.0 SwPlatformwindows
NecExpresscluster X Version4.1 SwPlatformlinux
NecExpresscluster X Version4.1 SwPlatformwindows
NecExpresscluster X Version4.2 SwPlatformlinux
NecExpresscluster X Version4.2 SwPlatformwindows
NecExpresscluster X Version4.3 SwPlatformlinux
NecExpresscluster X Version4.3 SwPlatformwindows
NecExpresscluster X Version5.0 SwPlatformlinux
NecExpresscluster X Version5.0 SwPlatformwindows
NecExpresscluster X Version5.1 SwPlatformlinux
NecExpresscluster X Version5.1 SwPlatformwindows
NecExpresscluster X Singleserversafe Version1.0 SwPlatformlinux
NecExpresscluster X Singleserversafe Version1.0 SwPlatformwindows
NecExpresscluster X Singleserversafe Version2.0 SwPlatformlinux
NecExpresscluster X Singleserversafe Version2.0 SwPlatformwindows
NecExpresscluster X Singleserversafe Version2.1 SwPlatformlinux
NecExpresscluster X Singleserversafe Version2.1 SwPlatformwindows
NecExpresscluster X Singleserversafe Version3.0 SwPlatformlinux
NecExpresscluster X Singleserversafe Version3.0 SwPlatformwindows
NecExpresscluster X Singleserversafe Version3.1 SwPlatformlinux
NecExpresscluster X Singleserversafe Version3.1 SwPlatformwindows
NecExpresscluster X Singleserversafe Version3.2 SwPlatformlinux
NecExpresscluster X Singleserversafe Version3.2 SwPlatformwindows
NecExpresscluster X Singleserversafe Version3.3 SwPlatformlinux
NecExpresscluster X Singleserversafe Version3.3 SwPlatformwindows
NecExpresscluster X Singleserversafe Version4.0 SwPlatformlinux
NecExpresscluster X Singleserversafe Version4.0 SwPlatformwindows
NecExpresscluster X Singleserversafe Version4.1 SwPlatformlinux
NecExpresscluster X Singleserversafe Version4.1 SwPlatformwindows
NecExpresscluster X Singleserversafe Version4.2 SwPlatformlinux
NecExpresscluster X Singleserversafe Version4.2 SwPlatformwindows
NecExpresscluster X Singleserversafe Version4.3 SwPlatformlinux
NecExpresscluster X Singleserversafe Version4.3 SwPlatformwindows
NecExpresscluster X Singleserversafe Version5.0 SwPlatformlinux
NecExpresscluster X Singleserversafe Version5.0 SwPlatformwindows
NecExpresscluster X Singleserversafe Version5.1 SwPlatformlinux
NecExpresscluster X Singleserversafe Version5.1 SwPlatformwindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.07% 0.218
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-836 Use of Password Hash Instead of Password for Authentication

The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.