CVE-2023-42404
MEDIUMOneVision Workspace < WS23.1 SR1 - Remote Code Execution via Java EL Injection
Title source: llmDescription
OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution.
References (2)
Core 2
Core References
Third Party Advisory
https://code-white.com/public-vulnerability-list/
Product
https://www.onevision.com/
Scores
CVSS v3
4.9
EPSS
0.0030
EPSS Percentile
21.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-94
Status
published
Products (3)
onevision/workspace
22.1
onevision/workspace
22.2
onevision/workspace
23.1
Published
Apr 28, 2025
Tracked Since
Feb 18, 2026