CVE-2023-2112: Desktop Component allows lateral movement between sessions

DESCRIPTION

Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.

AFFECTED PRODUCTS

M-Files Desktop before 23.4.12455.0

MORE INFORMATION

The launch session status function of the Desktop component service allows lateral movement between sessions in M-Files.

CVSS 3.1 Score: 3.6

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-284 Improper Access Control

CAPEC: CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs

Internal ID: 166132

Date issued: 2023-04-20

LINKS

https://www.cve.org/CVERecord?id=CVE-2023-2112

HISTORY

2023-04-20 Published
