CVSS 3.1 Score 7.2 of 10 (high)


Published Nov 30, 2023
Updated: Dec 5, 2023


CVE-2023-6071 is an Improper Neutralization of Special Elements used in a command vulnerability that affects ESM versions prior to 11.6.9. This vulnerability allows a remote administrator to execute arbitrary code as root on the ESM, as the input is not properly sanitized when adding a new data source. The vulnerability has a base severity score of 7.2, indicating a high level of risk. The exploitability score is 1.2, and privileges required are high, while user interaction is not required. The attack vector is through the network, and the impact on integrity and confidentiality is also high. Organizations should remediate this vulnerability by updating their ESM version to 11.6.9 or higher to mitigate potential risks and prevent unauthorized code execution on their system.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-6071 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options