CRITICAL🇵🇱 Wersja polska

CVE-2023-29411

CVSS 9.8v3.1pub. 2023-04-18upd. 2024-11-21

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Windows 10

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows 11

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows Server 2016

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows Server 2019

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows Server 2022

    OS
    Microsoft
    wszystkie wersje
  • Schneider Electric Apc Easy Ups Online Monitoring Software

    APP
    Schneider-Electric
    ≤ 2.5-ga-01-22320
  • Schneider Electric Easy Ups Online Monitoring Software

    APP
    Schneider-Electric
    ≤ 2.5-gs-01-22320
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-59287CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE w Windows Server Update Service (WSUS) — deserializacja danych

CVE-2020-1350CRITICAL10.0⚠ KEVten sam produkt

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...

CVE-2020-1040CRITICAL9.0⚠ KEVten sam produkt

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...

CVE-2020-0646CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...

CVE-2017-8543CRITICAL9.8⚠ KEVten sam produkt

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows S...