CVE Published: 24/07/2023 |
CVE Updated: 23/10/2024 |
CVE Year: 2023 Source: OTRS |
Vendor: OTRS AG |
Product: OTRS Status : PUBLISHED
CVE-2023-38056 Description
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
Metrics
CVSS Version: 3.1 |
Base Score: 7.2 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H