PT-2023-18835 · Unknown · Supportcenter Plus

Hms

Publicado

2023-02-01

Atualizado

2023-02-23

CVE-2023-23076

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Support Center Plus version 11

Description The issue is an OS Command injection vulnerability in Support Center Plus via Executor in Action when creating new schedules.

Recommendations For Support Center Plus version 11, consider disabling the Executor in Action feature when creating new schedules until a patch is available. Restrict access to the schedule creation functionality to minimize the risk of exploitation. Avoid using the vulnerable Executor in Action feature in Support Center Plus version 11 until the issue is resolved.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2023-23076

Produtos afetados

Supportcenter Plus

PT-2023-18835 · Unknown · Supportcenter Plus

CVE-2023-23076

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6