4.6
CVE-2023-51750
- EPSS 0.29%
- Veröffentlicht 11.01.2024 14:15:44
- Zuletzt bearbeitet 21.11.2024 08:38:44
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Scalefusion ≫ Scalefusion Version10.5.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.2 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 0.9 | 3.6 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-286 Incorrect User Management
The product does not properly manage a user within its environment.
https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59