CVE-2023-29051

HIGH Year: 2023
CVSS v3 Score
8.1
High
Weakness Type
CWE-284
View all →

Vulnerability Description

User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known.

Related Vulnerabilities

CVE-2014-3120

HIGH
CVSS:8.1(High)

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. ...

CWE-2842014

CVE-2015-7887

HIGH
CVSS:8.1(High)

NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.

CWE-2842015

CVE-2016-0304

HIGH
CVSS:8.1(High)

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass a...

CWE-2842016

CVE-2016-10030

HIGH
CVSS:8.1(High)

The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on...

CWE-2842016

CVE-2016-10417

HIGH
CVSS:8.1(High)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, M...

CWE-2842016

CVE-2016-10830

HIGH
CVSS:8.1(High)

cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).

CWE-2842016