How severe is CVE-2023-22505?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2023-22505?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2023-22505

HIGH Year: 2023

CVSS v3 Score

8.0

High

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to one of these fixed versions: 8.3.2, 8.4.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html).|https://confluence.atlassian.com/doc/confluence-release-notes-327.html).] You can download the latest version of Confluence Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives).|https://www.atlassian.com/software/confluence/download-archives).] This vulnerability was discovered by a private user and reported via our Bug Bounty program.

CVE-2016-1991

HIGH

CVSS:8.0(High)

HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download"...

NVD-CWE-Other2016

CVE-2017-10403

HIGH

CVSS:8.0(High)

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Difficult...

NVD-CWE-Other2017

CVE-2017-16674

HIGH

CVSS:8.0(High)

Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command a...

NVD-CWE-Other2017

CVE-2018-2601

HIGH

CVSS:8.0(High)

Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 ...

NVD-CWE-Other2018

CVE-2018-3662

HIGH

CVSS:8.0(High)

Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root.

NVD-CWE-Other2018

CVE-2018-5234

HIGH

CVSS:8.0(High)

The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable ...

NVD-CWE-Other2018

CVE-2023-22505

Vulnerability Description

Related Vulnerabilities

CVE-2016-1991

CVE-2017-10403

CVE-2017-16674

CVE-2018-2601

CVE-2018-3662

CVE-2018-5234