PT-2023-29277 · Unknown · E-Gov Client Application

Toyama Taku

Publicado

2023-10-11

Atualizado

2023-10-18

CVE-2023-44689

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions e-Gov Client Application (Windows version) versions prior to 2.1.1.0 e-Gov Client Application (macOS version) versions prior to 1.1.1.0

Description The issue concerns improper authorization in the handler for a custom URL scheme. A crafted URL may direct the product to access an arbitrary website, potentially leading to phishing attacks.

Recommendations For e-Gov Client Application (Windows version) versions prior to 2.1.1.0, update to version 2.1.1.0 or later. For e-Gov Client Application (macOS version) versions prior to 1.1.1.0, update to version 1.1.1.0 or later.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2023-44689

Produtos afetados

E-Gov Client Application

PT-2023-29277 · Unknown · E-Gov Client Application

CVE-2023-44689

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6