CVE-2023-49328

{"id": "CVE-2023-49328", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-12-25T06:15:08.530", "references": [{"url": "https://www.gruppotim.it/it/footer/red-team.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the server-to-server module."}, {"lang": "es", "value": "En un servidor Wolters Kluwer B.POINT 23.70.00 que ejecuta Linux localmente, durante la fase de autenticaci\u00f3n, un usuario del sistema validado puede lograr la ejecuci\u00f3n remota de c\u00f3digo mediante la inyecci\u00f3n de argumentos en el m\u00f3dulo de servidor a servidor."}], "lastModified": "2024-01-03T20:43:29.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wolterskluwer:b.point:23.70.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CFE73D3-3711-440D-8D33-3FCDE0B2B989"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}