CVE-2023-39548: NV23-009_en: Security Information | NEC

CLUSTERPRO X Ver5.1 and earlier, EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, and EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allow an attacker to log in to the product and execute an arbitrary command.

Multiple vulnerabilities in EXPRESSCLUSTER X

Number: NV23-009
CVE: CVE-2023-39544, CVE-2023-39545, CVE-2023-39546, CVE-2023-39547, CVE-2023-39548

Overview

EXPRESSCLUSTER X WebManager/Cluster WebUI contains multiple vulnerabilities.

Missing Authorization (CVE-2023-39544)
Files or Directories Accessible to External Parties (CVE-2023-39545)
Authentication Bypass (CVE-2023-39546)
Improper Authentication (CVE-2023-39547)
Unrestricted Upload of File with Dangerous Type (CVE-2023-39548)

Products Affected

EXPRESSCLUSTER X

Affected Version

EXPRESSCLUSTER X 1.0 for Windows
EXPRESSCLUSTER X 2.0 for Windows
EXPRESSCLUSTER X 2.1 for Windows
EXPRESSCLUSTER X 3.0 for Windows
EXPRESSCLUSTER X 3.1 for Windows
EXPRESSCLUSTER X 3.2 for Windows
EXPRESSCLUSTER X 3.3 for Windows
EXPRESSCLUSTER X 4.0 for Windows
EXPRESSCLUSTER X 4.1 for Windows
EXPRESSCLUSTER X 4.2 for Windows
EXPRESSCLUSTER X 4.3 for Windows
EXPRESSCLUSTER X 5.0 for Windows

EXPRESSCLUSTER X SingleServerSafe 1.0 for Windows
EXPRESSCLUSTER X SingleServerSafe 2.0 for Windows
EXPRESSCLUSTER X SingleServerSafe 2.1 for Windows
EXPRESSCLUSTER X SingleServerSafe 3.0 for Windows
EXPRESSCLUSTER X SingleServerSafe 3.1 for Windows
EXPRESSCLUSTER X SingleServerSafe 3.2 for Windows
EXPRESSCLUSTER X SingleServerSafe 3.3 for Windows
EXPRESSCLUSTER X SingleServerSafe 4.0 for Windows
EXPRESSCLUSTER X SingleServerSafe 4.1 for Windows
EXPRESSCLUSTER X SingleServerSafe 4.2 for Windows
EXPRESSCLUSTER X SingleServerSafe 4.3 for Windows
EXPRESSCLUSTER X SingleServerSafe 5.0 for Windows

EXPRESSCLUSTER X 1.0 for Linux
EXPRESSCLUSTER X 2.0 for Linux
EXPRESSCLUSTER X 2.1 for Linux
EXPRESSCLUSTER X 3.0 for Linux
EXPRESSCLUSTER X 3.1 for Linux
EXPRESSCLUSTER X 3.2 for Linux
EXPRESSCLUSTER X 3.3 for Linux
EXPRESSCLUSTER X 4.0 for Linux
EXPRESSCLUSTER X 4.1 for Linux
EXPRESSCLUSTER X 4.2 for Linux
EXPRESSCLUSTER X 4.3 for Linux
EXPRESSCLUSTER X 5.0 for Linux
EXPRESSCLUSTER X 5.1 for Linux

EXPRESSCLUSTER X 1.0 SingleServerSafe for Linux
EXPRESSCLUSTER X 2.0 SingleServerSafe for Linux
EXPRESSCLUSTER X 2.1 SingleServerSafe for Linux
EXPRESSCLUSTER X 3.0 SingleServerSafe for Linux
EXPRESSCLUSTER X 3.1 SingleServerSafe for Linux
EXPRESSCLUSTER X 3.2 SingleServerSafe for Linux
EXPRESSCLUSTER X 3.3 SingleServerSafe for Linux
EXPRESSCLUSTER X 4.0 SingleServerSafe for Linux
EXPRESSCLUSTER X 4.1 SingleServerSafe for Linux
EXPRESSCLUSTER X 4.2 SingleServerSafe for Linux
EXPRESSCLUSTER X 4.3 SingleServerSafe for Linux
EXPRESSCLUSTER X 5.0 SingleServerSafe for Linux
EXPRESSCLUSTER X 5.1 SingleServerSafe for Linux

Solution

References

Credit

Reported by Mr. David Levard of Videotron to NEC-PSIRT.

Update
