PT-2023-29442 · 1E · 1E Client

Published: 2023-10-05 · Updated: 2025-05-20 · CVE-2023-45160

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

1E Client versions prior to the version with patch Q23094
1E Client Mac versions prior to v8.1.2.62
1E Client Mac versions between v8.1 and v23.11 (exclusive)

Description

In affected versions of the 1E Client, an ordinary user could subvert downloaded instruction resource files, for example by replacing a resource script file that an instruction creates at run time with a malicious script. The released patch locks down the 1E Client's temporary directory.

Recommendations

For 1E Client versions prior to the version with patch Q23094, apply patch Q23094 to fix the issue.
For 1E Client Mac versions prior to v8.1.2.62, re-download the updated version from the 1E Support site.
For 1E Client Mac versions between v8.1 and v23.11 (exclusive), upgrade to v23.11 to remediate this vulnerability.

Fix

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2023-45160

Affected Products

1E Client
1E Client Mac