← Back

CVE-2023-35033

nvd nist
Published: Jun 12, 2023Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23556.

Affected (6)

Atos
2 products
Unify Openscape 4000 Assistant
Unify Openscape 4000 Manager
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Atos
Unify Openscape 4000 Assistant
Version 10 r0
Unify Openscape 4000 Assistant
Version 10 r1.34.4
Unify Openscape 4000 Assistant
Version 10 r1
Atos
Unify Openscape 4000 Manager
Version 10 r0
Unify Openscape 4000 Manager
Version 10 r1.34.4
Unify Openscape 4000 Manager
Version 10 r1

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Press/Media CoverageThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media CoverageThird Party Advisory

Timeline

No history available yet.