CVE-2023-31294

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field.

Vulnerabilidad de inyección CSV en Sesami Cash Point & Transport Optimizer (CPTO) versión 6.3.8.6 (#718), permite a atacantes remotos obtener información confidencial a través del campo Delivery Name.

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-04-27 CVE Reserved
2023-12-29 CVE Published
2024-01-09 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CAPEC

References (1)

URL	Tag	Source
https://herolab.usd.de/en/security-advisories/usd-2022-0052	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sesami Search vendor "Sesami"		Cash Point \& Transport Optimizer Search vendor "Sesami" for product "Cash Point \& Transport Optimizer"				6.3.8.6.718 Search vendor "Sesami" for product "Cash Point \& Transport Optimizer" and version "6.3.8.6.718"		-		Affected