CVE-2023-32225 - OpenCVE

Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Sysaid	Sysaid On-premises

Configuration 1 [-]

cpe:2.3:a:sysaid:sysaid_on-premises:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.gov.il/en/Departments/faq/cve_advisories	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: INCD

Published: 2023-07-30T07:16:24.730Z

Updated: 2023-07-30T07:16:24.730Z

Reserved: 2023-05-04T20:53:11.224Z

Link: CVE-2023-32225

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-30T08:15:46.760

Modified: 2023-08-03T20:46:02.310

Link: CVE-2023-32225

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-32225", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "state": "PUBLISHED", "assignerShortName": "INCD", "dateReserved": "2023-05-04T20:53:11.224Z", "datePublished": "2023-07-30T07:16:24.730Z", "dateUpdated": "2023-07-30T07:16:24.730Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sysaid", "vendor": "Sysaid", "versions": [{"lessThan": "23.2.14 b18", "status": "affected", "version": "All versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Niv Levy"}], "datePublic": "2023-07-30T06:54:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - \n\n<span style=\"background-color: rgb(255, 255, 255);\">A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.</span>\n\n"}], "value": " Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type -\u00a0\n\nA malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2023-07-30T07:16:24.730Z"}, "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update to version 23.2.14 b18 (On-Prem). </span>\n\n<br>"}], "value": "\nUpdate to version 23.2.14 b18 (On-Prem). \n\n\n"}], "source": {"advisory": "ILVN-2023-0112", "discovery": "UNKNOWN"}, "title": " Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}