CVE-2023-2257

EPSS 0.02%
Veröffentlicht 24.04.2023 19:15:09
Zuletzt bearbeitet 04.02.2025 16:15:36
Quelle security@devolutions.net
CVE-Watchlists
Login
Unerledigt
Login

Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub 
Business space without being prompted to enter the password via an 
unimplemented "Force Login" security feature.

This vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Devolutions ≫ Workspace SwEditiondesktop Version < 2023.1.1.4

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.034

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.1	1.8	4.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://devolutions.net/security/advisories/DEVO-2023-0011

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-2257

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2257

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2257

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-2257