CVE-2023-2621

6.5MEDIUM

Key Information

Vendor: Hitachi
Status: MACH System Software
Vendor: CVE Published:; 1 November 2023

Summary

The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can exploit this vulnerability by uploading a crafted ZIP archive via the network to McFeeder’s service endpoint.

Affected Version(s)

MACH System Software < 7.17.0.0

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 1, 2023
Vulnerability Reserved.
May 10, 2023

Collectors

NVD DatabaseMitre Database