CVE-2023-26441 Vulnerability Details

  /     /     /  

CVE-2023-26441 Metadata Quick Info

CVE Published: 02/08/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: OX | Vendor: OX Software GmbH | Product: OX App Suite
Status : PUBLISHED

CVE-2023-26441 Description

Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the services system user account. We have improved path validation and make sure that any access is contained to the defined root directory. No publicly available exploits are known.

Metrics

CVSS Version: 3.1 | Base Score: 5.7 MEDIUM
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* PHYSICAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Source: OX Software GmbH

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2023-26441 Vulnerability Details