Skip to main content

Endpoint Security CVE-2023-23561

MEDIUM
Origin Validation Error (CWE-346)
2023-05-30 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 30, 2023 - 20:15 nvd
MEDIUM 5.5

DescriptionNVD

Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information.

AnalysisAI

Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-346. Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. Affected products include: Stormshield Endpoint Security. Version information: through 2.3.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-0353 HIGH POC
7.8 Feb 15

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete file

CVE-2019-8461 HIGH POC
7.8 Aug 29

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH lo

CVE-2019-8452 HIGH POC
7.8 Apr 22

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security clien

CVE-2014-4973 MEDIUM POC
6.9 Sep 23

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in

CVE-2016-9892 MEDIUM POC
5.9 Mar 02

The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.

CVE-2024-2224 CRITICAL
9.8 Apr 09

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer compone

CVE-2024-2223 CRITICAL
9.8 Apr 09

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Ser

CVE-2022-27534 CRITICAL
9.8 Apr 01

Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March

CVE-2021-45090 CRITICAL
9.8 Dec 21

Stormshield Endpoint Security before 2.1.2 allows remote code execution. Rated critical severity (CVSS 9.8), this vulner

CVE-2016-3984 MEDIUM POC
5.1 Apr 08

The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.

CVE-2020-7332 HIGH
8.8 Nov 12

Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0

CVE-2020-7319 HIGH
8.8 Sep 09

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Updat

Share

CVE-2023-23561 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy