Lucene search

[email protected]CVE-2023-28700

HistoryJun 02, 2023 - 11:15 a.m.

CVE-2023-28700

2023-06-0211:15:10

CWE-434

[email protected]

web.nvd.nist.gov

omicard

edm

backend

file upload

vulnerability

nvd

cve-2023-28700

6.8 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

4.7 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:M/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

8.3%

JSON

OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.

CPENameOperatorVersion
itpison:omicard_edmitpison omicard edmeq-

CPE	Name	Operator	Version
itpison:omicard_edm	itpison omicard edm	eq	-

References

www.twcert.org.tw/tw/cp-132-7144-b7536-1.html

6.8 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

4.7 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:M/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

8.3%

JSON

Related for CVE-2023-28700

prion1