CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45163 – 1E-Exchange-CommandLinePing instruction before v18.1 allows for arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-45163
The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI La instrucción 1E-Exchange-CommandLinePing que forma parte del paquete de productos Network disponible en 1E Exchange no valida correctamente el parámetro de entrada, lo que permite una entrada especialmente manipulada para realizar la ejecución de código arbitrario con permisos del SYSTEM. Para solucionar este problema, descargue el paquete de producto de red actualizado desde 1E Exchange y actualice la instrucción 1E-Exchange-CommandLinePing a v18.1 cargándola a través de la interfaz de usuario de carga de instrucciones de 1E Platform. • https://https://exchange.1e.com/product-packs/network https://www.1e.com/trust-security-compliance/cve-info • CWE-20: Improper Input Validation •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45161 – 1E-Exchange-URLResponseTime instruction before v20.1 allows arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-45161
The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI La instrucción 1E-Exchange-URLResponseTime que forma parte del paquete de productos Network disponible en 1E Exchange no valida correctamente el parámetro URL, lo que permite una entrada especialmente manipulada para realizar la ejecución de código arbitrario con permisos del SYSTEM. Para solucionar este problema, descargue el paquete de producto de red actualizado desde 1E Exchange y actualice la instrucción 1E-Exchange-URLResponseTime a v20.1 cargándola a través de la interfaz de usuario de carga de instrucciones de 1E Platform. • https://exchange.1e.com/product-packs/network https://www.1e.com/trust-security-compliance/cve-info • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32089
https://notcve.org/view.php?id=CVE-2023-32089
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description Las versiones 8.1 a 8.8.2 de Pega Platform se ven afectadas por un problema XSS con la descripción del Pin • https://support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32088
https://notcve.org/view.php?id=CVE-2023-32088
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation Las versiones 8.1 a Infinity 23.1.0 de Pega Platform se ven afectadas por un problema XSS con la creación de casos ad-hoc • https://support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32087
https://notcve.org/view.php?id=CVE-2023-32087
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation Las versiones 8.1 a Infinity 23.1.0 de Pega Platform se ven afectadas por un problema XSS con la creación de tareas • https://support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •