- Description
- Lucee Server (or simply Lucee) is a dynamic, Java-based tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to remote code execution (RCE) via an XML external entity (XXE) attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-611
- Hype score
- Not currently trending
🚨 CVE-2023-38693 ⚠️🔴 CRITICAL (9.8) 🏢 lucee - Lucee 🏗️ >= 5.4.0.0, < 5.4.3.2 🔗 https://t.co/dzc4OoS9og #CyberCron #VulnAlert #InfoSec https://t.co/qLbhVOaoqW
@cybercronai
7 Mar 2025
[CVE-2023-38693: CRITICAL] Vulnerability alert: Lucee Server REST endpoint is susceptible to RCE via XML XXE attack. Ensure to update to versions 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, or 5.3.9.173 to mitigate t...#cybersecurity,#vulnerability https://t.co/FiGyosD1y5 https://t.c
@CveFindCom
5 Mar 2025