{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-7102","assignerOrgId":"027e81ed-0dd4-4685-ab4d-884aec5bb484","state":"PUBLISHED","assignerShortName":"Mandiant","dateReserved":"2023-12-24T17:32:25.423Z","datePublished":"2023-12-24T21:47:20.453Z","dateUpdated":"2024-08-02T08:50:08.291Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Barracuda ESG Appliance","vendor":"Barracuda Networks Inc.","versions":[{"changes":[{"at":"Patched in all active versions by security update removing the vulnerable logic.","status":"affected"}],"lessThanOrEqual":"9.2.1.001","status":"affected","version":"5.1.3.001","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Barracuda Networks Inc. - https://www.barracuda.com/"},{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"Barracuda Networks Inc. - https://www.barracuda.com/"},{"lang":"en","type":"remediation developer","user":"00000000-0000-4000-9000-000000000000","value":"Barracuda Networks Inc. - https://www.barracuda.com/"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.<p>This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.</p>"}],"value":"Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.\n\n"}],"impacts":[{"capecId":"CAPEC-137","descriptions":[{"lang":"en","value":"CAPEC-137: Parameter Injection"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1104","description":"CWE-1104: Use of Unmaintained Third Party Components","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"027e81ed-0dd4-4685-ab4d-884aec5bb484","shortName":"Mandiant","dateUpdated":"2023-12-26T19:23:33.832Z"},"references":[{"url":"https://www.barracuda.com/company/legal/esg-vulnerability"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-7101"},{"url":"https://metacpan.org/dist/Spreadsheet-ParseExcel"},{"url":"https://github.com/haile01/perl_spreadsheet_excel_rce_poc"},{"url":"https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171"},{"url":"https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md"}],"source":{"discovery":"UNKNOWN"},"title":"Remote Code Execution (RCE) Vulnerability","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T08:50:08.291Z"},"title":"CVE Program Container","references":[{"url":"https://www.barracuda.com/company/legal/esg-vulnerability","tags":["x_transferred"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-7101","tags":["x_transferred"]},{"url":"https://metacpan.org/dist/Spreadsheet-ParseExcel","tags":["x_transferred"]},{"url":"https://github.com/haile01/perl_spreadsheet_excel_rce_poc","tags":["x_transferred"]},{"url":"https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171","tags":["x_transferred"]},{"url":"https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md","tags":["x_transferred"]}]}]}}