ГлавнаяУязвимости → CVE-2023-46808
9.9критическая

CVE-2023-46808

→ есть в БДУ: BDU:2024-02314 (на русском)
Описание (на английском; русское — в БДУ выше)

An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.

Затрагиваемое ПО
Ivanti Neurons for itsm
CVSS
Балл9.9 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Источники
https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSMhttps://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM