PT-2024-13997 · Janitza · Gridvis
Fabian Weber · Published 2024-03-26 · Updated 2024-08-06
CVE-2023-50895
CVSS v3.1: 7.2 (High)
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Janitza GridVis versions 9.0.66 and earlier
Description
The issue allows a remote, authenticated administrative user to execute arbitrary Groovy code because the project load functionality in de.janitza.pasw.project.server.ServerDatabaseProject exposes dangerous methods to the loaded project. The vector (AV:N, PR:H) reflects that exploitation requires administrative credentials but can then be carried out over the network, with high impact on confidentiality, integrity and availability of the affected server component.
Recommendations
For versions 9.0.66 and earlier, consider disabling the project load functionality in de.janitza.pasw.project.server.ServerDatabaseProject until a patch is available, and restrict access to ServerDatabaseProject to minimize the risk of exploitation. Since exploitation requires administrative credentials, also limit which accounts hold the administrative role and from where that role is reachable over the network.
Fix
Related Identifiers
Affected Products
Gridvis