The ACEManager
component of ALEOS 4.16 and earlier does not



validate uploaded
file names and types, which could potentially allow



an authenticated
user to perform client-side script execution within



ACEManager, altering
the device functionality until the device is



restarted.







Advisories
Source ID Title
EUVD EUVD EUVD-2023-45031 The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: SWI

Published:

Updated: 2024-08-02T18:31:53.807Z

Reserved: 2023-08-14T20:59:20.798Z

Link: CVE-2023-40460

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-04T23:15:25.180

Modified: 2024-11-21T08:19:30.983

Link: CVE-2023-40460

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.