Lucene search

TwcertCVELIST:CVE-2023-24835

HistoryMar 27, 2023 - 12:00 a.m.

CVE-2023-24835 Softnext SPAM SQR - Code Injection

2023-03-2700:00:00

CWE-94

twcert

www.cve.org

softnext technologies corp

code injection

remote attacker

administrator privilege

arbitrary system command

arbitrary system operation

service disruption

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

50.3%

JSON

Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrary system operation or disrupt service.

CNA Affected

[
  {
    "vendor": "Softnext",
    "product": "SPAM SQR",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.221231",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6955-c7612-1.html

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

50.3%

JSON

Related for CVELIST:CVE-2023-24835