Lucene search

[email protected]CVE-2023-24835

HistoryMar 27, 2023 - 4:15 a.m.

CVE-2023-24835

2023-03-2704:15:09

CWE-94

[email protected]

web.nvd.nist.gov

softnext

spam sqr

code injection

cve-2023-24835

vulnerability

nvd

security

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.4%

JSON

Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrary system operation or disrupt service.

Affected configurations

NVD

Node

softnextspam_sqrRange<2.221231

CPENameOperatorVersion
softnext:spam_sqrsoftnext spam sqrlt2.221231

CPE	Name	Operator	Version
softnext:spam_sqr	softnext spam sqr	lt	2.221231

CNA Affected

[
  {
    "vendor": "Softnext",
    "product": "SPAM SQR",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.221231",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6955-c7612-1.html

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.4%

JSON

Related for CVE-2023-24835

prion1 nvd1 cvelist1