PT-2023-27817 · Unknown · Appsanywhere

Gaelan Steele

Publicado

2023-11-09

Atualizado

2024-10-28

CVE-2023-41137

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AppsAnywhere (affected versions not specified)

Description The issue concerns the symmetric encryption used to protect messages between the AppsAnywhere server and client. This encryption can be broken by reverse engineering the client, allowing an attacker to impersonate the AppsAnywhere server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798CWE-321

Identificadores relacionados

CVE-2023-41137

Produtos afetados

Appsanywhere

PT-2023-27817 · Unknown · Appsanywhere

CVE-2023-41137

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5