CVE-2023-40265

EPSS 1.39%
Published 08.02.2024 22:15:08
Last modified 15.05.2025 20:15:25
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Mitel ≫ Unify Openscape Xpressions Webassistant Version >= 7.0 < 7r1_fr5_hf42_p911

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.39%	0.795

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://networks.unify.com/security/advisories/OBSO-2305-03.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-40265

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40265

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40265

EUVD