6.5

CVE-2023-40235

Exploit

EPSS 0.24%
Veröffentlicht 10.08.2023 23:15:09
Zuletzt bearbeitet 21.11.2024 08:19:02
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share server that does not accept a guest account, the host will try to authenticate on the share by using the current user's session. NOTE: this issue occurs because Archi uses an unsafe configuration of the Eclipse Modeling Framework.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opengroup ≫ Archi Version < 5.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.476

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

https://github.com/archimatetool/archi/commit/bcab676beddfbeddffecacf755b6692f0b0151f1

Patch

https://github.com/archimatetool/archi/compare/release_5.0.2...release_5.1.0

Release Notes

https://github.com/archimatetool/archi/issues/946

Vendor Advisory

Exploit

Issue Tracking

https://github.com/eclipse-emf/org.eclipse.emf/issues/8

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2023-40235

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40235

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40235

EUVD