Lucene search

AlgoSecCVELIST:CVE-2023-46595

HistoryNov 02, 2023 - 7:47 a.m.

CVE-2023-46595 Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor

2023-11-0207:47:50

CWE-79

AlgoSec

www.cve.org

cve-2023-46595

net-ntlm leak

html injection

fireflow visualflow

workflow editor

domain credentials

relay attack

security vulnerability

patch a32.20

patch a32.50

5.9 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above)

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "64 bit",
      "Linux"
    ],
    "product": "Algosec FireFlow",
    "vendor": "Algosec",
    "versions": [
      {
        "status": "affected",
        "version": "A32.20, A32.50"
      }
    ]
  }
]

References

cwe.mitre.org/data/definitions/79.html

5.9 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for CVELIST:CVE-2023-46595