mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
55 lines
1.7 KiB
JSON
55 lines
1.7 KiB
JSON
{
|
|
"id": "CVE-2023-37289",
|
|
"sourceIdentifier": "twcert@cert.org.tw",
|
|
"published": "2023-07-20T03:15:10.047",
|
|
"lastModified": "2023-07-20T03:15:10.047",
|
|
"vulnStatus": "Received",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker to exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.\u00a0This issue affects Document On-line Submission and Approval System: 22547, 22567."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "twcert@cert.org.tw",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "twcert@cert.org.tw",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-434"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.twcert.org.tw/tw/cp-132-7225-cef32-1.html",
|
|
"source": "twcert@cert.org.tw"
|
|
}
|
|
]
|
|
} |