Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-24484
HistoryFeb 16, 2023 - 6:15 p.m.

CVE-2023-24484

2023-02-1618:15:11
CWE-284
[email protected]
web.nvd.nist.gov
84
cve-2023-24484
log files
unauthorized access
directory
nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A malicious user can cause log files to be written to a directory that they do not have permission to write to.

Affected configurations

NVD
Node
citrixworkspaceRange<2212-windows
OR
citrixworkspaceMatch1912-ltsrwindows
OR
citrixworkspaceMatch1912cu1ltsrwindows
OR
citrixworkspaceMatch1912cu1-hf1ltsrwindows
OR
citrixworkspaceMatch1912cu2ltsrwindows
OR
citrixworkspaceMatch1912cu3ltsrwindows
OR
citrixworkspaceMatch1912cu4ltsrwindows
OR
citrixworkspaceMatch1912cu5ltsrwindows
OR
citrixworkspaceMatch1912cu6ltsrwindows
OR
citrixworkspaceMatch2203.1-ltsrwindows
OR
citrixworkspaceMatch2203.1cu1ltsrwindows

CNA Affected

[
  {
    "vendor": "Citrix",
    "product": "Citrix Workspace App for Windows",
    "versions": [
      {
        "version": "Citrix Workspace App versions",
        "status": "affected",
        "lessThan": "2212",
        "versionType": "custom",
        "changes": [
          {
            "at": "2203 LTSR before CU2 ",
            "status": "unaffected"
          },
          {
            "at": "1912 LTSR before CU7 Hotfix 2 (19.12.7002) ",
            "status": "unaffected"
          }
        ]
      }
    ]
  }
]

Related

prion 1
cvelist 1
nvd 1
nessus 1
citrix 1
cisa 1
malwarebytes 1
prion
prion
Directory traversal
2023-02-16 18:15:00
cvelist
cvelist
CVE-2023-24484 A malicious user can cause log files to be written to a directory that they do not have permission to write to.
2023-02-16 00:00:00
nvd
nvd
CVE-2023-24484
2023-02-16 18:15:11
nessus
nessus
Citrix Workspace App for Windows Multiple Vulnerabilities (CTX477617)
2023-02-17 00:00:00
citrix
citrix
Citrix Workspace app for Windows Security Bulletin for CVE-2023-24484 & CVE-2023-24485
2023-02-14 16:01:35
cisa
cisa
Citrix Releases Security Updates for Workspace Apps, Virtual Apps and Desktops
2023-02-14 00:00:00
malwarebytes
malwarebytes
Update now! February's Patch Tuesday tackles three zero-days
2023-02-15 03:00:00

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for CVE-2023-24484
prion1cvelist1nvd1nessus1citrix1cisa1malwarebytes1