PT-2024-14875 · Biovia · Biovia Materials Studio
Published
2024-02-01
·
Updated
2024-02-09
·
CVE-2023-6078
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023
Description
An OS Command Injection issue exists, allowing arbitrary command execution through the upload of a specially crafted perl script.
Recommendations
For Release BIOVIA 2021 through Release BIOVIA 2023, consider restricting the upload of perl scripts to minimize the risk of exploitation until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Biovia Materials Studio