Vulnerabilities (CVE)

Filtered by vendor Atos Subscribe
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6269 1 Atos 3 Unify Openscape Bcf, Unify Openscape Branch, Unify Openscape Session Border Controller 2024-02-28 N/A 9.8 CRITICAL
An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.
CVE-2023-45354 1 Atos 1 Unify Openscape Common Management 2024-02-28 N/A 8.8 HIGH
Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated remote attacker to execute arbitrary code on the operating system by using the Common Management Portal web interface. This is also known as OCMP-6589.
CVE-2023-45349 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2024-02-28 N/A 7.5 HIGH
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V10 R0 expose sensitive information that may allow lateral movement to the backup system via AShbr. This is also known as OSFOURK-23722.
CVE-2023-45353 1 Atos 1 Unify Openscape Common Management 2024-02-28 N/A 8.8 HIGH
Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591.
CVE-2023-45356 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2024-02-28 N/A 8.8 HIGH
Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal. This is also known as OSFOURK-23719.
CVE-2023-45350 1 Atos 1 Unify Openscape 4000 Manager 2024-02-28 N/A 8.8 HIGH
Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege escalation that may lead to the ability of an authenticated attacker to run arbitrary code via AScm. This is also known as OSFOURK-24034.
CVE-2023-45355 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2024-02-28 N/A 8.8 HIGH
Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. This is also known as OSFOURK-24120.
CVE-2023-45352 1 Atos 1 Unify Openscape Common Management 2024-02-28 N/A 8.8 HIGH
Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This is also known as OCMP-6592.
CVE-2023-45351 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2024-02-28 N/A 8.8 HIGH
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039.
CVE-2023-35031 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2024-02-28 N/A 8.8 HIGH
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036.
CVE-2023-35035 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2024-02-28 N/A 8.8 HIGH
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557.
CVE-2023-35034 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2024-02-28 N/A 9.8 CRITICAL
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033.
CVE-2023-29474 1 Atos 2 Unify Openscape 4000, Unify Openscape 4000 Manager 2024-02-28 N/A 9.8 CRITICAL
inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23552.
CVE-2023-29475 1 Atos 2 Unify Openscape 4000, Unify Openscape 4000 Manager 2024-02-28 N/A 9.8 CRITICAL
inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23543.
CVE-2023-29473 1 Atos 2 Unify Openscape 4000, Unify Openscape 4000 Manager 2024-02-28 N/A 9.8 CRITICAL
webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23710.
CVE-2023-35032 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2024-02-28 N/A 8.8 HIGH
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554.
CVE-2023-35033 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2024-02-28 N/A 8.8 HIGH
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23556.
CVE-2023-30638 1 Atos 3 Unify Openscape Bcf, Unify Openscape Branch, Unify Openscape Session Border Controller 2024-02-28 N/A 7.2 HIGH
Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands.
CVE-2022-46404 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2024-02-28 N/A 9.8 CRITICAL
A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.
CVE-2022-36444 1 Atos 3 Unify Openscape Bcf, Unify Openscape Branch, Unify Openscape Session Border Controller 2024-02-28 N/A 9.8 CRITICAL
An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote code execution vulnerability may allow an unauthenticated attacker (with network access to the admin interface) to disrupt system availability or potentially compromise the confidentiality and integrity of the system.