Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.8
CVSSv3

CVE-2023-40461

Published: 04/12/2023 Updated: 08/12/2023
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
VMScore: 0
Subscribe to Aleos

Vulnerability Summary

The ACEManager component of ALEOS 4.16 and previous versions allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sierrawireless aleos

ICS Advisories

https://ics-cert.us-cert.gov/advisories/dc472431075db9d447184c14f49857bb
Critical Infrastructure Sectors: Commercial Facilities, Communications, Energy, Government Facilities, Transportation Systems, Water and Wastewater Systems

References

CWE-79https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbshttps://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-341-06
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook