Lucene search

K
nvd[email protected]NVD:CVE-2024-42423
HistorySep 10, 2024 - 3:15 p.m.

CVE-2024-42423

2024-09-1015:15:17
CWE-863
web.nvd.nist.gov
3
citrix workspace app
dell thinos
authorization vulnerability
information disclosure
unauthorized actions

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0

Percentile

9.6%

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.

Affected configurations

Nvd
Node
citrixworkspaceMatch23.9.0.24.4
AND
dellthinosMatch2402
Node
citrixworkspaceMatch23.9.0.24.4
AND
dellthinosMatch2311
VendorProductVersionCPE
citrixworkspace23.9.0.24.4cpe:2.3:a:citrix:workspace:23.9.0.24.4:*:*:*:*:*:*:*
dellthinos2402cpe:2.3:o:dell:thinos:2402:*:*:*:*:*:*:*
dellthinos2311cpe:2.3:o:dell:thinos:2311:*:*:*:*:*:*:*

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0

Percentile

9.6%

Related for NVD:CVE-2024-42423