PT-2023-5918 · Atos · Atos Unify OpenScape Common Management Portal
Published: 2023-07-02 · Updated: 2023-10-12 · CVE-2023-45354
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0
Description
The vulnerability in the web interface of the Atos Unify OpenScape Common Management Portal is related to insufficient protection of service data. Exploitation may allow an attacker to bypass security restrictions and execute arbitrary code: an authenticated remote attacker can execute arbitrary code on the operating system by using the Common Management Portal web interface.
Recommendations
For Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0, update to V10 R4.17.0 or later to resolve the issue.
For Atos Unify OpenScape Common Management Portal V10 before V10 R5.1.0, update to V10 R5.1.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the Common Management Portal web interface until a patch is available.
Fix
Information Disclosure
Affected Products
Atos Unify OpenScape Common Management Portal