8.8

CVE-2023-45353

Medienbericht

EPSS 0.28%
Veröffentlicht 09.10.2023 04:15:54
Zuletzt bearbeitet 21.11.2024 08:26:47
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Atos ≫ Unify Openscape Common Management Version10 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.51

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://networks.unify.com/security/advisories/OBSO-2306-02.pdf

Vendor Advisory

https://www.news.de/technik/857003738/unify-openscape-common-management-platform-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-update-zu-bekannten-schwachstellen-und-sicherheitsluecken-vom-03-07-2023/1/

Press/Media Coverage

https://nvd.nist.gov/vuln/detail/CVE-2023-45353

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-45353

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-45353

EUVD