Lucene search

[email protected]CVE-2023-43624

HistoryOct 23, 2023 - 5:15 a.m.

CVE-2023-43624

2023-10-2305:15:07

CWE-611

[email protected]

web.nvd.nist.gov

cx-designer

ver.3.740

xxe vulnerability

disclosure

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

19.7%

JSON

CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed may be disclosed.

CPENameOperatorVersion
omrom:cx-designeromrom cx-designerle3.740

CPE	Name	Operator	Version
omrom:cx-designer	omrom cx-designer	le	3.740

References

jvn.jp/en/vu/JVNVU98683567/

www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-011_en.pdf

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

19.7%

JSON

Related for CVE-2023-43624

prion1 cvelist1