CVE-2023-45353

Published: Oct 9, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591.

Affected (1)

Products: Atos: Unify Openscape Common Management

1 product

Unify Openscape Common Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Atos Unify Openscape Common Management	Version 10

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://networks.unify.com/security/advisories/OBSO-2306-02.pdf

Source: cve@mitre.org

Vendor Advisory

https://www.news.de/technik/857003738/unify-openscape-common-management-platform-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-update-zu-bekannten-schwachstellen-und-sicherheitsluecken-vom-03-07-2023/1/

Source: cve@mitre.org

Press/Media Coverage

https://networks.unify.com/security/advisories/OBSO-2306-02.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.news.de/technik/857003738/unify-openscape-common-management-platform-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-update-zu-bekannten-schwachstellen-und-sicherheitsluecken-vom-03-07-2023/1/

Source: af854a3a-2127-422b-91ae-364da2661108

Press/Media Coverage

Timeline

No history available yet.