Lucene search

HackeroneCVE-2023-28124

HistoryApr 19, 2023 - 8:15 p.m.

CVE-2023-28124

2023-04-1920:15:12

CWE-326

hackerone

web.nvd.nist.gov

cve-2023-28124

nvd

windows

encryption

security

vulnerability

ui desktop

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later.

Affected configurations

Nvd

Vulners

Node

uidesktopRange<0.62.3.0windows

VendorProductVersionCPE
uidesktop*cpe:2.3:a:ui:desktop:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
ui	desktop	*	cpe:2.3:a:ui:desktop::::::windows::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "UI Desktop for Windows",
    "versions": [
      {
        "version": "Fixed on Version 0.62.3 or later.",
        "status": "affected"
      }
    ]
  }
]

References

community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-28124