Lucene search

FlexeraCVELIST:CVE-2023-29081

HistoryJan 26, 2024 - 8:02 p.m.

CVE-2023-29081 InstallShield Symlink Vulnerability Affecting Suite Project Setups

2024-01-2620:02:50

CWE-276

flexera

www.cve.org

cve-2023-29081

installshield

symlink vulnerability

suite setups

denial of service

local authentication

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "InstallShield",
    "vendor": "Revenera",
    "versions": [
      {
        "lessThan": "2023 R2",
        "status": "affected",
        "version": "2023 R1",
        "versionType": "semver"
      }
    ]
  }
]

References

community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2023-29081-InstallShield-Symlink-Vulnerability-Affecting/ta-p/305052

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-29081