Lucene search
MitreCVE-2023-25759HistoryApr 19, 2023 - 12:15 p.m.
CVE-2023-25759
2023-04-1912:15:08
CWE-78
mitre
web.nvd.nist.gov
23
cve-2023-25759
command injection
tripledata reporting engine
tripleplay platform
authentication
unprivileged
os level commands
crafted request payload
nvd
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
5.7
Confidence
High
EPSS
0.001
Percentile
29.7%
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.
Affected configurations
Node
uniguesttripleplayMatch3.4.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| uniguest | tripleplay | 3.4.0 | cpe:2.3:a:uniguest:tripleplay:3.4.0:*:*:*:*:*:*:* |
Related
prion
prion
Command injection
2023-04-19 12:15:00
cvelist
cvelist
CVE-2023-25759
2023-04-19 00:00:00
nvd
nvd
CVE-2023-25759
2023-04-19 12:15:08
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
5.7
Confidence
High
EPSS
0.001
Percentile
29.7%
Related for CVE-2023-25759