6.5

CVE-2023-40235

Exploit

EPSS 0.24%
Published 10.08.2023 23:15:09
Last modified 21.11.2024 08:19:02
Source cve@mitre.org
Teams watchlist Login
Open Login

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share server that does not accept a guest account, the host will try to authenticate on the share by using the current user's session. NOTE: this issue occurs because Archi uses an unsafe configuration of the Eclipse Modeling Framework.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Opengroup ≫ Archi Version < 5.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.476

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

https://github.com/archimatetool/archi/commit/bcab676beddfbeddffecacf755b6692f0b0151f1

Patch

https://github.com/archimatetool/archi/compare/release_5.0.2...release_5.1.0

Release Notes

https://github.com/archimatetool/archi/issues/946

Vendor Advisory

Exploit

Issue Tracking

https://github.com/eclipse-emf/org.eclipse.emf/issues/8

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2023-40235

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40235

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40235

EUVD