Vulnerability Description
Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Skyscreamer | Nevado Jms | 1.3.2 |
Related Weaknesses (CWE)
References
- http://nevado.skyscreamer.org/Product
- https://github.com/skyscreamer/nevado/issues/121Issue Tracking
- https://github.com/skyscreamer/nevado/releasesRelease Notes
- https://novysodope.github.io/2023/04/01/95/ExploitThird Party Advisory
- http://nevado.skyscreamer.org/Product
- https://github.com/skyscreamer/nevado/issues/121Issue Tracking
- https://github.com/skyscreamer/nevado/releasesRelease Notes
- https://novysodope.github.io/2023/04/01/95/ExploitThird Party Advisory
FAQ
What is CVE-2023-31826?
CVE-2023-31826 is a vulnerability with a CVSS score of 7.8 (HIGH). Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data.
How severe is CVE-2023-31826?
CVE-2023-31826 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-31826?
Check the references section above for vendor advisories and patch information. Affected products include: Skyscreamer Nevado Jms.