webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23710.
References
Configurations
Configuration 1 (hide)
|
History
13 Apr 2023, 18:03
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 | |
References | (MISC) https://networks.unify.com/security/advisories/OBSO-2303-01.pdf - Vendor Advisory | |
References | (MISC) https://www.news.de/technik/856806612/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-betroffene-systeme-und-produkte-neue-versionen-und-updates/1/ - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Atos
Atos unify Openscape 4000 Manager Atos unify Openscape 4000 |
|
CPE | cpe:2.3:a:atos:unify_openscape_4000:10:r1:*:*:*:*:*:* cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1:*:*:*:*:*:* |
06 Apr 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-06 23:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-29473
Mitre link : CVE-2023-29473
CVE.ORG link : CVE-2023-29473
JSON object : View
Products Affected
atos
- unify_openscape_4000
- unify_openscape_4000_manager
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')