9.8
CVE-2023-41137
- EPSS 0.07%
- Veröffentlicht 09.11.2023 15:15:08
- Zuletzt bearbeitet 21.11.2024 08:20:39
- Quelle info@appcheck-ng.com
- Teams Watchlist Login
- Unerledigt Login
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Appsanywhere ≫ Appsanywhere Client Version1.4.0 SwPlatformwindows
Appsanywhere ≫ Appsanywhere Client Version1.4.1 SwPlatformwindows
Appsanywhere ≫ Appsanywhere Client Version1.5.1 SwPlatformwindows
Appsanywhere ≫ Appsanywhere Client Version1.6.0 SwPlatformwindows
Appsanywhere ≫ Appsanywhere Client Version2.0.0 SwPlatformwindows
Appsanywhere ≫ Appsanywhere Client Version1.4.0 SwPlatformmacos
Appsanywhere ≫ Appsanywhere Client Version1.4.1 SwPlatformmacos
Appsanywhere ≫ Appsanywhere Client Version1.5.1 SwPlatformmacos
Appsanywhere ≫ Appsanywhere Client Version1.5.2 SwPlatformmacos
Appsanywhere ≫ Appsanywhere Client Version1.6.0 SwPlatformmacos
Appsanywhere ≫ Appsanywhere Client Version2.0.0 SwPlatformmacos
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.226 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| info@appcheck-ng.com | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-321 Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.