Lucene search

[email protected]NVD:CVE-2023-41972

HistoryMar 26, 2024 - 3:15 p.m.

CVE-2023-41972

2024-03-2615:15:48

CWE-269

[email protected]

web.nvd.nist.gov

password validation

revert password

disabled features

win zapp 4.3.0.121

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

EPSS

Percentile

9.0%

JSON

In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later.

References

help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2023-41972

vulnrichment1 cve1 cvelist1