CVE-2023-49328 Information

Description

On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises during the authentication phase a validated system user can achieve remote code execution via Argument Injection in the server-to-server module.

Reference

https://www.gruppotim.it/it/footer/red-team.html