CVE-2023-41137

Опубликовано: 09 нояб. 2023

Источник: nvd

CVSS3: 8

CVSS3: 9.8

EPSS Низкий

Описание

Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.

Ссылки

https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory
Vendor Advisory
https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:*:*:*:*:windows:*:*

cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:*:*:*:*:windows:*:*

cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:*:*:*:*:windows:*:*

cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:*:*:*:*:windows:*:*

cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:*:*:*:*:windows:*:*

Конфигурация 2

Одно из

cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:*:*:*:*:macos:*:*

cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:*:*:*:*:macos:*:*

cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:*:*:*:*:macos:*:*

cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.2:*:*:*:*:macos:*:*

cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:*:*:*:*:macos:*:*

cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:*:*:*:*:macos:*:*

EPSS

Процентиль: 22%

0.00072

Низкий

8 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-321

CWE-798

Связанные уязвимости

GHSA-9r9g-gv68-x7hw

CVSS3: 8

github

около 2 лет назад

Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.

EPSS

Процентиль: 22%

0.00072

Низкий

8 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-321

CWE-798