Lucene search
HistoryNov 09, 2023 - 12:15 a.m.
CVE-2023-37790
jaspersoft
clarity ppm
14.3.0.298
cve-2023-37790
arbitrary file upload
vulnerability
profile picture upload
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
27.3%
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.
Affected configurations
Node
broadcomclarityMatch14.3.0.298
| CPE | Name | Operator | Version |
|---|---|---|---|
| broadcom:clarity | broadcom clarity | eq | 14.3.0.298 |
Related
cvelist
cvelist
CVE-2023-37790
2023-11-08 00:00:00
prion
prion
Design/Logic Flaw
2023-11-09 00:15:00
nvd
nvd
CVE-2023-37790
2023-11-09 00:15:08
packetstorm
packetstorm
Clarity PPM 14.3.0.298 Cross Site Scripting
2023-07-17 00:00:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
27.3%
Related for CVE-2023-37790