CVE-2023-35031

HIGH

Atos Unify OpenScape Assistant/Manager V10 R0/R1 < V10 R1.42.0 Authenticated Command Injection

Title source: llm
STIX 2.1

Description

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036.

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0156
EPSS Percentile 72.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-77
Status published
Products (2)
atos/unify_openscape_4000_assistant 10 r0 (3 CPE variants)
atos/unify_openscape_4000_manager 10 r0 (3 CPE variants)
Published Jun 12, 2023
Tracked Since Feb 18, 2026