Lucene search

[email protected]NVD:CVE-2023-44827

HistoryOct 10, 2023 - 3:15 a.m.

CVE-2023-44827

2023-10-1003:15:09

CWE-77

[email protected]

web.nvd.nist.gov

zentao

community edition

biz

max

arbitrary code execution

crafted script

office conversion settings

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

JSON

An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function.

Affected configurations

NVD

Node

easycorpzentaoRange≤18.6community

easycorpzentao_bizRange≤8.6

easycorpzentao_maxRange≤4.7

References

spotted-topaz-6aa.notion.site/Zentao-Authorized-Remote-Code-Execution-Vulnerability-CVE-2023-44827-be731cbe8607496cae35c08cb9ba2436

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

JSON

Related for NVD:CVE-2023-44827

osv1 cvelist1 prion1 cve1