CVE-2023-31826

HIGH

Skyscreamer Open Source Nevado JMS <1.3.2 - Command Injection

Title source: llm

Description

Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands by supplying crafted data.

Scores

CVSS v3: 7.8
EPSS: 0.0032
EPSS Percentile: 23.6%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-862
Status: published
Products (2):
org.skyscreamer/nevado-jms 0 Maven
skyscreamer/nevado_jms 1.3.2
Published: May 23, 2023
Tracked Since: Feb 18, 2026