Lucene search

[email protected]NVD:CVE-2023-43624

HistoryOct 23, 2023 - 5:15 a.m.

CVE-2023-43624

2023-10-2305:15:07

CWE-611

[email protected]

web.nvd.nist.gov

cve-2023-43624

cx-designer

xxe

vulnerability

disclosure

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed may be disclosed.

Affected configurations

Nvd

Node

omromcx-designerRange≤3.740

VendorProductVersionCPE
omromcx-designer*cpe:2.3:a:omrom:cx-designer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
omrom	cx-designer	*	cpe:2.3:a:omrom:cx-designer::::::::

References

jvn.jp/en/vu/JVNVU98683567/

www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-011_en.pdf

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

Related for NVD:CVE-2023-43624

prion1 cvelist1 vulnrichment1 cve1