CVE-2023-39548

Summary

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

Affected Software

VendorProductVersion RangeStatus
NEC CorporationCLUSTERPRO X (EXPRESSCLUSTER X)1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1affected
NEC CorporationCLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.0affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted upload of file with dangerous type

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References