CVE-2023-45353

HIGH

Atos Unify Openscape Common Management - Unrestricted File Upload

Title source: rule

Description

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591.

References (2)

Core 2

Core References

Vendor Advisory

https://networks.unify.com/security/advisories/OBSO-2306-02.pdf

Press/Media Coverage

https://www.news.de/technik/857003738/unify-openscape-common-management-platform-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-update-zu-bekannten-schwachstellen-und-sicherheitsluecken-vom-03-07-2023/1/

Scores

CVSS v3 8.8

EPSS 0.0028

EPSS Percentile 51.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

atos/unify_openscape_common_management 10

Published Oct 09, 2023

Tracked Since Feb 18, 2026