CVE-2023-38056 HIGH

CVE-2023-38056: Code execution via System Configuration

Vendor Otrs Ag

Product OTRS

Weakness CWE-78

Published July 24, 2023

Last update October 23, 2024

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

Key dates

02Disclosure timeline

July 24, 2023 CVE published

October 23, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-38056

Related vulnerabilities

Identifiers

CVE CVE-2023-38056

CWE CWE-78

CVSS 7.2 / HIGH

Affected versions

Vendor Otrs Ag

Product OTRS

Affected ≥ 7.0.x and < 7.0.45

Vendor Otrs Ag

Product OTRS

Affected ≥ 8.0.x and < 8.0.35

Vendor Otrs Ag

Product ((OTRS)) Community Edition

Affected ≥ 6.0.1 and ≤ 6.0.34

CVE-2023-38056: Code execution via System Configuration

01Description

02Disclosure timeline

03References

04Related CVE