Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistTwcertCVELIST:CVE-2023-28700
HistoryJun 02, 2023 - 12:00 a.m.

CVE-2023-28700 ITPison OMICARD EDM - Arbitrary File Upload

2023-06-0200:00:00
CWE-434
twcert
www.cve.org
cve-2023-28700
itpison omicard edm
arbitrary file upload
local area network attacker
administrator privileges
arbitrary executable files
arbitrary system commands

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.

CNA Affected

[
  {
    "vendor": "ITPison",
    "product": "OMICARD EDM",
    "versions": [
      {
        "version": "0",
        "status": "unknown"
      }
    ]
  }
]

Related

cve 1
nvd 1
prion 1
cve
cve
CVE-2023-28700
2023-06-02 11:15:10
nvd
nvd
CVE-2023-28700
2023-06-02 11:15:10
prion
prion
Design/Logic Flaw
2023-06-02 11:15:00

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for CVELIST:CVE-2023-28700
cve1nvd1prion1