PT-2023-5919 · Atos Unify · Atos Unify Openscape Common Management Portal
Published: 2023-07-02 · Updated: 2023-10-12 · CVE-2023-45352
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0
Atos Unify OpenScape Common Management Portal V10 before V10 R5.1.0
Description
A vulnerability in the web interface of the Atos Unify OpenScape Common Management Platform stems from incorrect restriction of directory path names (path traversal), which allows write access outside the intended folders. Exploitation may allow a remote attacker to bypass security restrictions and execute arbitrary code.
Recommendations
For Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0, update to V10 R4.17.0 or later to resolve the issue.
For Atos Unify OpenScape Common Management Portal V10 before V10 R5.1.0, update to V10 R5.1.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the web interface of the Common Management Portal to minimize the risk of exploitation.
Fix
Path traversal
Affected Products
Atos Unify Openscape Common Management Portal