Remote Code Execution Vulnerability in Atos Unify OpenScape Xpressions WebAssistant
CVE-2023-40265

8.8HIGH

Key Information:

Vendor: Atos
Status: Unify Openscape Xpressions Webassistant
Vendor: CVE Published:; 8 February 2024

What is CVE-2023-40265?

An issue was identified in Atos Unify OpenScape Xpressions WebAssistant prior to version V7R1 FR5 HF42 P911, enabling authenticated attackers to execute arbitrary code remotely due to improper handling of file uploads. This vulnerability poses significant risks as it allows exploitation by authenticated users who can upload malicious files, potentially compromising the integrity and functionality of the system.

References

https://networks.unify.com/security/advisories/OBSO-2305-...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 8, 2024
Vulnerability Reserved
Aug 11, 2023