4.3
CVE-2023-35800
- EPSS 0.1%
- Veröffentlicht 27.06.2023 17:15:10
- Zuletzt bearbeitet 21.11.2024 08:08:44
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Stormshield ≫ Endpoint Security Version >= 2.0.0 <= 2.4.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.279 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.