Command Injection Vulnerability in Atos Unify OpenScape 4000 Assistant and Manager
CVE-2023-35032

8.8HIGH

Key Information:

Vendor: Atos
Status: Unify Openscape 4000 Manager; Unify Openscape 4000 Assistant
Vendor: CVE Published:; 12 June 2023

What is CVE-2023-35032?

The Atos Unify OpenScape 4000 Assistant and Manager prior to specified versions have a security flaw that permits authenticated users to execute arbitrary commands. This command injection vulnerability can lead to potential information exposure or system manipulation. Users are encouraged to upgrade to the latest software versions to mitigate associated risks.

References

https://networks.unify.com/security/advisories/OBSO-2305-...

https://www.news.de/technik/856882353/unify-openscape-400...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 12, 2023
Vulnerability Reserved
Jun 12, 2023