CVE-2023-44689
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.7 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| e-gov:e-gov | e-gov | lt | 1.1.1.0 |
| e-gov:e-gov | e-gov | lt | 2.1.1.0 |
CNA Affected
[
{
"vendor": "Digital Agency",
"product": "e-Gov Client Application (Windows version)",
"versions": [
{
"version": "versions prior to 2.1.1.0",
"status": "affected"
}
]
},
{
"vendor": "Digital Agency",
"product": "e-Gov Client Application (macOS version)",
"versions": [
{
"version": "versions prior to 1.1.1.0",
"status": "affected"
}
]
}
]Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.7 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%