File Upload Vulnerability in Ivanti ITSM Before 2023.4 Allows Remote File Writes and Command Execution
CVE-2023-46808
9.9CRITICAL
Summary
An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.
Affected Version(s)
ITSM <= 2023.3
News Articles
CVSS V3.1
Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Risk change from: null to: 9.9 - (CRITICAL)
Vulnerability published.
First article discovered by Malwarebytes
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database1 News Article(s)