Lucene search

[email protected]CVE-2023-32225

HistoryJul 30, 2023 - 8:15 a.m.

CVE-2023-32225

2023-07-3008:15:46

CWE-434

[email protected]

web.nvd.nist.gov

cve-2023-32225

sysaid

cwe-434

unrestricted upload

file

dangerous type

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

25.1%

JSON

Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type -

A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.

Affected configurations

NVD

Node

sysaidsysaid_on-premisesRange<23.2.14

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Sysaid",
    "vendor": "Sysaid",
    "versions": [
      {
        "lessThan": "23.2.14 b18",
        "status": "affected",
        "version": "All versions",
        "versionType": "custom"
      }
    ]
  }
]

References

www.gov.il/en/Departments/faq/cve_advisories

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

25.1%

JSON

Related for CVE-2023-32225

nvd1 prion1 cvelist1