Lucene search

[email protected]NVD:CVE-2023-30187

HistoryAug 14, 2023 - 1:15 p.m.

CVE-2023-30187

2023-08-1413:15:10

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-30187

memory access vulnerability

onlyoffice documentserver

remote code execution

javascript file

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.006

Percentile

78.7%

JSON

An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.

Affected configurations

Nvd

Node

onlyofficedocument_serverRange4.0.3–7.3.2

VendorProductVersionCPE
onlyofficedocument_server*cpe:2.3:a:onlyoffice:document_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
onlyoffice	document_server	*	cpe:2.3:a:onlyoffice:document_server::::::::

References

onlyoffice.com

gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2

github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/

github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110

github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a

github.com/ONLYOFFICE/DocumentServer

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.006

Percentile

78.7%

JSON

Related for NVD:CVE-2023-30187

cve1 osv1 cvelist1 prion1