github - ghsa-7p8q-cvq9-54g6

ghsa-7p8q-cvq9-54g6

Vulnerability from github

Published

2023-04-18 21:30

Modified

2024-04-04 03:34

Severity

9.8 (Critical) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

A CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-18T21:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "\n\n\nA CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remote\ncode execution when manipulating internal methods through Java RMI interface.\n\n \n\n\n\n",
  "id": "GHSA-7p8q-cvq9-54g6",
  "modified": "2024-04-04T03:34:45Z",
  "published": "2023-04-18T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29412"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-29412

Vulnerability from cvelistv5

Published

2023-04-18 20:50

Modified

2024-08-02 14:07

Severity

9.8 (Critical) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.

References

URL	Tags
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf

Impacted products

Vendor	Product
Schneider Electric	APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)
Schneider Electric	Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:46.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "prior",
              "status": "affected",
              "version": "V2.5-GA-01-22320",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "prior",
              "status": "affected",
              "version": "V2.5-GS-01-22320",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-04-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nCWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command\nInjection\u0027) vulnerability exists that could cause remote code execution when manipulating\ninternal methods through Java RMI interface.\n\n"
            }
          ],
          "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command\nInjection\u0027) vulnerability exists that could cause remote code execution when manipulating\ninternal methods through Java RMI interface."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T12:20:18.929Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-29412",
    "datePublished": "2023-04-18T20:50:08.288Z",
    "dateReserved": "2023-04-05T20:35:41.367Z",
    "dateUpdated": "2024-08-02T14:07:46.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.