CVE-2023-41137 Vulnerability Details

  /     /     /  

CVE-2023-41137 Metadata Quick Info

CVE Published: 09/11/2023 | CVE Updated: 28/10/2024 | CVE Year: 2023
Source: AppCheck | Vendor: AppsAnywhere | Product: AppsAnywhere Client
Status : PUBLISHED

---

CVE-2023-41137 Description

Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.

Metrics

CVSS Version: 3.1 | Base Score: 8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-321
CWE Name: Use of Hard-coded Cryptographic Key
Source: AppsAnywhere

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).