8.8
CVE-2023-40265
- EPSS 1.39%
- Veröffentlicht 08.02.2024 22:15:08
- Zuletzt bearbeitet 15.05.2025 20:15:25
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mitel ≫ Unify Openscape Xpressions Webassistant Version >= 7.0 < 7r1_fr5_hf42_p911
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.39% | 0.795 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.