PT-2023-29277 · Unknown · E-Gov Client Application

Toyama Taku

Published

2023-10-11

Updated

2023-10-18

CVE-2023-44689

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions e-Gov Client Application (Windows version) versions prior to 2.1.1.0 e-Gov Client Application (macOS version) versions prior to 1.1.1.0

Description The issue concerns improper authorization in the handler for a custom URL scheme. A crafted URL may direct the product to access an arbitrary website, potentially leading to phishing attacks.

Recommendations For e-Gov Client Application (Windows version) versions prior to 2.1.1.0, update to version 2.1.1.0 or later. For e-Gov Client Application (macOS version) versions prior to 1.1.1.0, update to version 1.1.1.0 or later.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2023-44689

Affected Products

E-Gov Client Application

PT-2023-29277 · Unknown · E-Gov Client Application

CVE-2023-44689

Weakness Enumeration

Related Identifiers

Affected Products

References · 6