CVE-2023-36485

Published: 2023-12-25T08:15Z

Last Modified: 2024-11-21T08:09Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt