CVE-2023-30262

HIGH

Mimsoftware Mim Concurrent License Server - Insecure Deserialization

Title source: rule

Description

An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service.

References (3)

[Not Applicable] https://www.kansashealthsystem.com/

[Product] https://www.mimsoftware.com/

[Mitigation, Patch, Vendor Advisory] https://www.mimsoftware.com/cve-2023-30262

Scores

CVSS v3 8.8

EPSS 0.1069

EPSS Percentile 93.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (2)

mimsoftware/mim_concurrent_license_server < 7.0.9

mimsoftware/mim_local_concurrent_license_server < 7.0.9

Timeline

Published Jun 09, 2023

Tracked Since Feb 18, 2026