Nov 03, 2023 - 7:15 a.m.

CVE-2023-41357

2023-11-03 07:15:14
CWE-434
twcert
web.nvd.nist.gov
galaxy software, vitals esp, file upload, vulnerability, cve-2023-41357, nvd, system operations

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.7
Confidence: High

EPSS: 0.001
Percentile: 46.0%

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal. It has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload scripts to arbitrary directories and execute them, performing arbitrary system operations or disrupting service.

Affected configurations

NVD

Node: gss vitals_enterprise_social_platform, Range ≤ 6.1

Vendor | Product | Version | CPE
gss | vitals_enterprise_social_platform | * | cpe:2.3:a:gss:vitals_enterprise_social_platform:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Vitals ESP ",
    "vendor": "Galaxy Software Services",
    "versions": [
      {
        "status": "affected",
        "version": "6.1 and prior"
      }
    ]
  }
]

