Lucene search

PRIOn knowledge basePRION:CVE-2023-45160

HistoryOct 05, 2023 - 4:15 p.m.

Design/Logic Flaw

2023-10-0516:15:00

PRIOn knowledge base

www.prio-n.com

1e client

subvert downloaded instruction

harmful script

patch q23094

mac client

upgrade to v23.11

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client’s temporary directory is now locked down in the released patch.

Resolution: This has been fixed in patch Q23094

This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site.

Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.

CPENameOperatorVersion
clienteq8.1.2.62
clienteq8.4.1.159
clienteq9.0.1.88
clienteq23.7.1.151

Name	Operator	Version
client	eq	8.1.2.62
client	eq	8.4.1.159
client	eq	9.0.1.88
client	eq	23.7.1.151

References

1e.my.site.com/s/

www.1e.com/trust-security-compliance/cve-info/

www.1e.com/vulnerability-disclosure-policy/