PT-2023-29527 · Atos · Atos Unify Openscape Common Management Portal
Published: 2023-10-08 · Updated: 2023-10-12 · CVE-2023-45353
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Atos Unify OpenScape Common Management Portal versions prior to V10 R4.17.0
Atos Unify OpenScape Common Management Portal versions prior to V10 R5.1.0
Description
An authenticated attacker can execute arbitrary code on the underlying operating system by using the Common Management Portal web interface to remotely upload and create arbitrary files.
Recommendations
For versions prior to V10 R4.17.0, update to V10 R4.17.0 or later to resolve the issue.
For versions prior to V10 R5.1.0, update to V10 R5.1.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the Common Management Portal web interface until a patch is applied.
Fix
Unrestricted File Upload
Affected Products
Atos Unify Openscape Common Management Portal