exploitDog

CVE-2023-3527

Опубликовано: 18 июл. 2023

Источник: nvd

CVSS3: 6.8

CVSS3: 6.8

EPSS Низкий

Описание

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software

such as Microsoft Excel.

Ссылки

https://download.avaya.com/css/public/documents/101086364
Patch
Vendor Advisory
https://download.avaya.com/css/public/documents/101086364
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:avaya:call_management_system:*:*:*:*:*:*:*:*

Версия до 20.0.0.0 (исключая)

EPSS

Процентиль: 23%

0.00076

Низкий

6.8 Medium

CVSS3

6.8 Medium

CVSS3

Дефекты

CWE-1236

CWE-1236

Связанные уязвимости

GHSA-4hvr-hgmw-438r

CVSS3: 6.8

github

больше 2 лет назад

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.

EPSS

Процентиль: 23%

0.00076

Низкий

6.8 Medium

CVSS3

6.8 Medium

CVSS3

Дефекты

CWE-1236

CWE-1236