{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2023-33466","title":"Title"},{"category":"description","text":"Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2023-33466","url":"https://www.suse.com/security/cve/CVE-2023-33466"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1212884 for CVE-2023-33466","url":"https://bugzilla.suse.com/1212884"}],"title":"SUSE CVE CVE-2023-33466","tracking":{"current_release_date":"2025-02-16T06:17:58Z","generator":{"date":"2023-07-01T01:27:10Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2023-33466","initial_release_date":"2023-07-01T01:27:10Z","revision_history":[{"date":"2023-07-01T01:27:10Z","number":"2","summary":"Current version"},{"date":"2025-01-01T02:04:19Z","number":"3","summary":"Current version"},{"date":"2025-02-14T06:24:51Z","number":"4","summary":"Current version"},{"date":"2025-02-16T06:17:58Z","number":"5","summary":"Current version"}],"status":"interim","version":"5"}}}