CVSS 3.1 Score 8.8 of 10 (high)


Published Nov 2, 2023
Updated: Jan 12, 2024


The vulnerability with the CVE ID CVE-2023-26452 affects multiple products, including jmedRx, jmedRw, jmedRz, and others. It allows for the execution of arbitrary SQL statements in the context of the services database user account by abusing image caching requests. Exploiting this vulnerability requires access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. The API requests are now properly checked for valid content and attempts to bypass this check are logged as errors. The potential danger posed by this vulnerability is high as it has a base severity rating of HIGH and can result in significant impact on integrity and confidentiality. However, there are no publicly available exploits known at this time.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-26452 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options