The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-12-25T00:00:00
Updated: 2023-12-25T07:30:19.469879
Reserved: 2023-06-22T00:00:00
Link: CVE-2023-36485
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-25T08:15:07.497
Modified: 2024-02-14T00:22:22.397
Link: CVE-2023-36485
JSON object: View
Redhat Information
No data.
CWE