CVE-2023-49213

HIGH

Ironman PowerShell Universal <4.2.0 - RCE

Title source: llm

Description

The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1.

References (2)

Core 2

Core References

Exploit, Mitigation, Vendor Advisory

https://blog.ironmansoftware.com/powershell-universal-apis-cve/

Release Notes

https://docs.powershelluniversal.com/changelogs/changelog

Scores

CVSS v3 8.8

EPSS 0.0213

EPSS Percentile 79.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (2)

ironmansoftware/powershell_universal 4.2.0

ironmansoftware/powershell_universal 3.0.0 - 3.10.2

Published Nov 23, 2023

Tracked Since Feb 18, 2026