CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
33.7%
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client’s temporary directory is now locked down in the released patch.
Resolution: This has been fixed in patch Q23094
This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site.
Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.
[
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "1E Client",
"vendor": "1E",
"versions": [
{
"lessThanOrEqual": "8.1.2.62",
"status": "affected",
"version": "0",
"versionType": "Q23094"
},
{
"lessThanOrEqual": "8.4.1.159",
"status": "affected",
"version": "0",
"versionType": "Q23094"
},
{
"lessThanOrEqual": "9.0.1.88",
"status": "affected",
"version": "0",
"versionType": "Q23094"
},
{
"lessThanOrEqual": "23.7.1.151",
"status": "affected",
"version": "0",
"versionType": "Q23094"
}
]
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
33.7%