History: Nov 03, 2023 - 7:15 a.m.

CVE-2023-41357

2023-11-03 07:15:14
CWE-434
web.nvd.nist.gov
galaxy software
vitals esp
file upload
vulnerability
cve-2023-41357
nvd
system operations

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.7 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 45.4%)

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal. It has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload scripts to arbitrary directories and execute them, allowing the attacker to perform arbitrary system operations or disrupt service.

Affected configurations

NVD
Node
gss vitals_enterprise_social_platform, Range ≤ 6.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Vitals ESP ",
    "vendor": "Galaxy Software Services",
    "versions": [
      {
        "status": "affected",
        "version": "6.1 and prior"
      }
    ]
  }
]
