CVE-2023-38746

Name of the Vulnerable Software and Affected Versions CX-Programmer Included in CX-One CXONE-AL[][]D-V4 versions 9.80 and earlier

Description An out-of-bounds read issue exists, which may allow information disclosure and/or arbitrary code execution when a user opens a specially crafted CXP file. This could potentially give an attacker access to confidential information or enable them to execute arbitrary code.

Recommendations For versions 9.80 and earlier, avoid opening specially crafted CXP files until a patch is available. As a temporary workaround, consider restricting access to the CX-Programmer to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.