CVE-2023-40827

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 28, 2023

Updated: Aug 29, 2023

CWE ID 22

Summary

CVE-2023-40827 is a vulnerability affecting pf4j version 3.9.0 and earlier. An attacker can exploit this issue by manipulating the loadpluginPath parameter to gain unauthorized access to sensitive information and execute arbitrary code remotely. This security flaw poses a significant risk, as it allows an attacker to bypass authentication and gain control over the affected system. System administrators are strongly advised to update to the latest version of pf4j to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sbM6cy
https://www.cve.org/CVERecord?id=CVE-2023-40827
https://nvd.nist.gov/vuln/detail/CVE-2023-40827

Back to Vulnerability Database

CVE-2023-40827

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations