Lucene search

K
cvelistTwcertCVELIST:CVE-2023-28700
HistoryJun 02, 2023 - 12:00 a.m.

CVE-2023-28700 ITPison OMICARD EDM - Arbitrary File Upload

2023-06-0200:00:00
CWE-434
twcert
www.cve.org
cve-2023-28700
itpison omicard edm
arbitrary file upload
local area network attacker
administrator privileges
arbitrary executable files
arbitrary system commands

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.

CNA Affected

[
  {
    "vendor": "ITPison",
    "product": "OMICARD EDM",
    "versions": [
      {
        "version": "0",
        "status": "unknown"
      }
    ]
  }
]

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2023-28700