Lucene search

HYPRCVELIST:CVE-2023-6336

HistoryJan 16, 2024 - 7:42 p.m.

CVE-2023-6336

2024-01-1619:42:09

CWE-59

HYPR

www.cve.org

improper link resolution

file access

hypr workforce access

macos

user-controlled filename

vulnerability

workforce access 8.7

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H

EPSS

Percentile

9.0%

JSON

Improper Link Resolution Before File Access (‘Link Following’) vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MacOS"
    ],
    "product": "Workforce Access",
    "vendor": "HYPR",
    "versions": [
      {
        "lessThan": "8.7",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  }
]

References

www.hypr.com/security-advisories

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-6336