CVE-2023-30262

An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
mimsoftwaremim_concurrent_license_server
6.5.0 ≤
𝑥
≤ 7.0.9
mimsoftwaremim_local_concurrent_license_server
6.5.0 ≤
𝑥
≤ 7.0.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.kansashealthsystem.com/
https://www.mimsoftware.com/
https://www.mimsoftware.com/cve-2023-30262
https://www.kansashealthsystem.com/
https://www.mimsoftware.com/
https://www.mimsoftware.com/cve-2023-30262