ghsa-x95r-7f45-c9ff
Vulnerability from github
Published
2023-09-14 18:32
Modified
2024-04-04 07:40
Severity
8.8 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-40731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-12T10:15:29Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in QMS Automotive (All versions \u003c V12.39). The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering.",
  "id": "GHSA-x95r-7f45-c9ff",
  "modified": "2024-04-04T07:40:34Z",
  "published": "2023-09-14T18:32:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40731"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.