CVE-2023-39548

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 73.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NEC Corporation Clusterpro X (expresscluster X)NEC Corporation Clusterpro X Singleserversafe (expresscluster X Singleserversafe)NEC Expresscluster X +1 more

Timeline

PublishedNov 17

Description

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5nec_corporation/clusterpro_x_singleserversafe_(expresscluster_x_singleserversafe)1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.0

▶NVDnec/expresscluster_x_singleserversafe13 versions+12

▶CVEListV5nec_corporation/clusterpro_x_(expresscluster_x)1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1

▶NVDnec/expresscluster_x13 versions+12

Patches

Patch: jpn.nec.com ↗Patch: jpn.nec.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-39548: CLUSTERPRO X Ver5↗2023-11-17

▶

GHSA

GHSA-3wg4-x8pv-x63w: CLUSTERPRO X Ver5↗2023-11-17

▶