CVE-2023-42404

Summary

OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution.

Affected Software

VendorProductVersion RangeStatus
OneVisionWorkspace0 < w29.032affected
OneVisionWorkspacew30 < w30.044affected
OneVisionWorkspacew31 < w31.040affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References