Lucene search

FlexeraCVE-2023-29081

HistoryJan 26, 2024 - 8:15 p.m.

CVE-2023-29081

2024-01-2620:15:54

CWE-276

flexera

web.nvd.nist.gov

vulnerability

suite setups

installshield

2023

dos

nvd

cve-2023-29081

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

Percentile

9.0%

JSON

A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders.

Affected configurations

Nvd

Node

flexerainstallshieldMatch2016-

flexerainstallshieldMatch2016sp1

flexerainstallshieldMatch2016sp2

flexerainstallshieldMatch2017-

flexerainstallshieldMatch2017sp1

flexerainstallshieldMatch2018-

flexerainstallshieldMatch2018r2

flexerainstallshieldMatch2018sp1

flexerainstallshieldMatch2019-

flexerainstallshieldMatch2019r2

flexerainstallshieldMatch2019r3

flexerainstallshieldMatch2020-

flexerainstallshieldMatch2020r2

flexerainstallshieldMatch2020r3

flexerainstallshieldMatch2020r3sp1

flexerainstallshieldMatch2021r1

flexerainstallshieldMatch2021r2

flexerainstallshieldMatch2022r1

flexerainstallshieldMatch2022r2

flexerainstallshieldMatch2023r1

VendorProductVersionCPE
flexerainstallshield2016cpe:2.3:a:flexera:installshield:2016:-:*:*:*:*:*:*
flexerainstallshield2016cpe:2.3:a:flexera:installshield:2016:sp1:*:*:*:*:*:*
flexerainstallshield2016cpe:2.3:a:flexera:installshield:2016:sp2:*:*:*:*:*:*
flexerainstallshield2017cpe:2.3:a:flexera:installshield:2017:-:*:*:*:*:*:*
flexerainstallshield2017cpe:2.3:a:flexera:installshield:2017:sp1:*:*:*:*:*:*
flexerainstallshield2018cpe:2.3:a:flexera:installshield:2018:-:*:*:*:*:*:*
flexerainstallshield2018cpe:2.3:a:flexera:installshield:2018:r2:*:*:*:*:*:*
flexerainstallshield2018cpe:2.3:a:flexera:installshield:2018:sp1:*:*:*:*:*:*
flexerainstallshield2019cpe:2.3:a:flexera:installshield:2019:-:*:*:*:*:*:*
flexerainstallshield2019cpe:2.3:a:flexera:installshield:2019:r2:*:*:*:*:*:*

Vendor	Product	Version	CPE
flexera	installshield	2016	cpe:2.3:a:flexera:installshield:2016:-::::::
flexera	installshield	2016	cpe:2.3:a:flexera:installshield:2016:sp1::::::
flexera	installshield	2016	cpe:2.3:a:flexera:installshield:2016:sp2::::::
flexera	installshield	2017	cpe:2.3:a:flexera:installshield:2017:-::::::
flexera	installshield	2017	cpe:2.3:a:flexera:installshield:2017:sp1::::::
flexera	installshield	2018	cpe:2.3:a:flexera:installshield:2018:-::::::
flexera	installshield	2018	cpe:2.3:a:flexera:installshield:2018:r2::::::
flexera	installshield	2018	cpe:2.3:a:flexera:installshield:2018:sp1::::::
flexera	installshield	2019	cpe:2.3:a:flexera:installshield:2019:-::::::
flexera	installshield	2019	cpe:2.3:a:flexera:installshield:2019:r2::::::

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "InstallShield",
    "vendor": "Revenera",
    "versions": [
      {
        "lessThan": "2023 R2",
        "status": "affected",
        "version": "2023 R1",
        "versionType": "semver"
      }
    ]
  }
]

References

community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2023-29081-InstallShield-Symlink-Vulnerability-Affecting/ta-p/305052

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-29081