Lucene search

K
cvelistDellCVELIST:CVE-2024-42423
HistorySep 10, 2024 - 2:55 p.m.

CVE-2024-42423

2024-09-1014:55:58
CWE-863
dell
www.cve.org
3
citrix workspace app
dell thinos
incorrect authorization
weblogin
information disclosure
tampering

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

0

Percentile

9.6%

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Wyse Proprietary OS (Modern ThinOS)",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "ThinOS 2311"
      },
      {
        "status": "affected",
        "version": "ThinOS 2402"
      }
    ]
  }
]

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

0

Percentile

9.6%

Related for CVELIST:CVE-2024-42423