Arbitrary File Upload Vulnerability in Jaspersoft Clarity PPM
CVE-2023-37790
5.4 MEDIUM
Summary
Jaspersoft Clarity PPM version 14.3.0.298 is vulnerable to an arbitrary file upload due to insufficient validation of user-uploaded files through the Profile Picture Upload feature. This security flaw could allow unauthorized users to upload malicious files, potentially compromising the integrity of the system and allowing for further attacks.
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved