Lucene search

[email protected]NVD:CVE-2023-6335

HistoryJan 16, 2024 - 8:15 p.m.

CVE-2023-6335

2024-01-1620:15:45

CWE-59

[email protected]

web.nvd.nist.gov

link resolution

file access

workforce access

windows

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Link Resolution Before File Access (‘Link Following’) vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

Affected configurations

Nvd

Node

hyprworkforce_accessRange<8.7

AND

microsoftwindowsMatch-

VendorProductVersionCPE
hyprworkforce_access*cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hypr	workforce_access	*	cpe:2.3:a:hypr:workforce_access::::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

www.hypr.com/security-advisories

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2023-6335

cvelist1 cve1 prion1