Code Injection Vulnerability in DCE Install Packages

Code Injection Vulnerability in DCE Install Packages

CVE-2023-37198 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.

Learn more about our User Device Pen Test.