PT-2023-23480 · Skyscreamer · Nevado Jms

Novy

Publicado

2023-05-23

Atualizado

2025-01-17

CVE-2023-31826

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Skyscreamer Open Source Nevado JMS version 1.3.2

Description The issue allows attackers to execute arbitrary commands by supplying crafted data due to the lack of security checks when receiving messages.

Recommendations For Skyscreamer Open Source Nevado JMS version 1.3.2, consider implementing security checks for incoming messages to prevent the execution of arbitrary commands until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2023-31826

GHSA-7GM3-MWJW-J53W

Produtos afetados

Nevado Jms

PT-2023-23480 · Skyscreamer · Nevado Jms

CVE-2023-31826

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10