Lucene search

PRIOn knowledge basePRION:CVE-2023-51749

HistoryJan 11, 2024 - 2:15 p.m.

Design/Logic Flaw

2024-01-1114:15:00

PRIOn knowledge base

www.prio-n.com

design flaw

scalefusion 10.5.2

user limitation

edge application

search tooltip

vendor position

windows device profile configuration

website allow-listing rules

nvd

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor’s position is “Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules.”

CPENameOperatorVersion
scalefusioneq10.5.2

CPE	Name	Operator	Version
	scalefusion	eq	10.5.2

References

help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent

medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6

medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59