CVE-2023-37913
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-37913 is a vulnerability affecting the XWiki Platform, a wiki platform used to build applications. In versions 3.5-milestone-1 and prior to 14.10.8 and 15.3-rc-1, a specially crafted file name can be used to write the attachment's content to an attacker-controlled location on the server, potentially allowing the execution of arbitrary Java code. This vulnerability can impact the confidentiality, integrity, and availability of XWiki installations. It is triggered when the office converter is used, and can be exploited through attachment moving or by uploading the attachment through the REST API. The vulnerability has been patched in XWiki 14.10.8 and 15.3-rc1, with no known workarounds aside from disabling the office converter.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Xwiki
Affected Vendors
- xwiki