How severe is CVE-2023-39481?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.6 out of 10.

What type of vulnerability is CVE-2023-39481?

This is classified as CWE-436, which is a common weakness in software security.

CVE-2023-39481

MEDIUM Year: 2023

CVSS v3 Score

6.6

Medium

Weakness Type

CWE-436

View all →

Vulnerability Description

Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the web server. The issue results from an inconsistency in URI parsing between NGINX and application code. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20551.

CVE-2023-49284

MEDIUM

CVSS:6.6(Medium)

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It wi...

CWE-4362023

CVE-2019-5892

MEDIUM

CVSS:6.5(Medium)

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for...

CWE-4362019

CVE-2022-0011

MEDIUM

CVSS:6.5(Medium)

PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL categ...

CWE-4362022

CVE-2022-29254

MEDIUM

CVSS:6.5(Medium)

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), i...

CWE-4362022

CVE-2023-29406

MEDIUM

CVSS:6.5(Medium)

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses t...

CWE-4362023

CVE-2023-30536

MEDIUM

CVSS:6.5(Medium)

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that...

CWE-4362023

CVE-2023-39481

Vulnerability Description

Related Vulnerabilities

CVE-2023-49284

CVE-2019-5892

CVE-2022-0011

CVE-2022-29254

CVE-2023-29406

CVE-2023-30536