CVE-2023-36255

high-risk
Published 2023-08-03

An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL.

Do I need to act?

!
87.7% chance of exploitation in next 30 days
EPSS score — higher than 12% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Eramba

Affected Vendors

Eramba

References (8)

Broken Link http://eramba.com
https://trovent.github.io/security-advisories/TRSA-2303-01/TRSA-2303-01.txt
Exploit https://trovent.io/security-advisory-2303-01/
https://www.eramba.org
Broken Link http://eramba.com
https://trovent.github.io/security-advisories/TRSA-2303-01/TRSA-2303-01.txt
Exploit https://trovent.io/security-advisory-2303-01/
https://www.eramba.org
55
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal