How severe is CVE-2023-39478?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.6 out of 10.

What type of vulnerability is CVE-2023-39478?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2023-39478 - MEDIUM Severity | CVSS 6.6

Vulnerability Description

Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of OPC FileDirectory namespaces. The issue results from the lack of proper validation of user-supplied data before using it to create a server object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20547.

Related Vulnerabilities

CVE-2017-5634

MEDIUM

CVSS:6.6(Medium)

The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privi...

CWE-6682017

CVE-2012-5639

MEDIUM

CVSS:6.5(Medium)

LibreOffice and OpenOffice automatically open embedded content

CWE-6682012

CVE-2018-20237

MEDIUM

CVSS:6.5(Medium)

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

CWE-6682018

CVE-2019-12875

MEDIUM

CVSS:6.5(Medium)

Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.

CWE-6682019

CVE-2019-4306

MEDIUM

CVSS:6.5(Medium)

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that re...

CWE-6682019

CVE-2020-12687

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve a...

CWE-6682020