Primary

Context

Software AG ARIS File Upload Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A file upload vulnerability has been identified in Software AG ARIS version 10.0.23.0.3587512 and prior. This vulnerability allows attackers to execute arbitrary code by uploading a specially crafted PDF file or malware. The issue arises in the file upload API, where insufficient validation of uploaded file contents enables the execution of malicious code when the downloaded file is opened.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code on the victim's system.

Remediation

Users are advised to update to ARIS versions later than 10.0.23.0.3587512.

Added: Jan 7, 2026, 5:35 PM

Updated: Jan 7, 2026, 5:35 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.0

remediation

0.0

relevance

1.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.0

remediation

0.0

relevance

1.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Software AG ARIS File Upload Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating