Lucene search

[email protected]CVE-2023-27168

HistoryJan 19, 2024 - 2:15 p.m.

CVE-2023-27168

2024-01-1914:15:12

CWE-434

[email protected]

web.nvd.nist.gov

cve-2023-27168

arbitrary file upload

xpand it write-back manager

code execution

vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.2%

JSON

An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file.

Affected configurations

NVD

Node

xpand-itwrite-back_managerMatch2.3.1

CPENameOperatorVersion
xpand-it:write-back_managerxpand-it write-back managereq2.3.1

CPE	Name	Operator	Version
xpand-it:write-back_manager	xpand-it write-back manager	eq	2.3.1

References

balwurk.com

balwurk.github.io/CVE-2023-27168/

writeback4t.com

www.xpand-it.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.2%

JSON

Related for CVE-2023-27168

cvelist1 prion1 nvd1