CVE-2023-39545

2023-11-1705:30:10

CWE-552

NEC

www.cve.org

cve-2023-39545

arbitrary command execution

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

CNA Affected

[
  {
    "product": "CLUSTERPRO X (EXPRESSCLUSTER X)",
    "vendor": "NEC Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
      }
    ]
  },
  {
    "product": "CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)",
    "vendor": "NEC Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
      }
    ]
  }
]

References

jpn.nec.com/security-info/secinfo/nv23-009_en.html