CVE-2023-51748

Name of the Vulnerable Software and Affected Versions ScaleFusion versions 10.5.2 through 10.5.6

Description The issue is related to insufficient access control in the isolated environment of Scalefusion MDM Agent, which can be exploited to impact the confidentiality, integrity, and availability of protected information. Specifically, ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used.

Recommendations For versions 10.5.2 through 10.5.6, update to version 10.5.7, which prevents the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. As a temporary workaround, consider restricting the use of Ctrl-O and Ctrl-S shortcuts in the Edge application until a patch is available.