CVE-2023-42404 MEDIUM

CVE-2023-42404

Vendor Onevision
Product Workspace
Weakness CWE-94 · Code injection
Published April 28, 2025
Last update April 28, 2025

CVSS base score

4.9/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution.

Key dates

02Disclosure timeline

April 28, 2025 CVE published
April 28, 2025 Record updated