- Description
- In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch. Resolution: This has been fixed in patch Q23094 This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.
- Source
- security@1e.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:1e:client:8.1.2.62:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "EF79F84B-2408-44F9-A7AD-D9CAB9C34A61"
},
{
"criteria": "cpe:2.3:a:1e:client:8.4.1.159:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "4A156058-6634-4C59-831B-9A6E7C95BE84"
},
{
"criteria": "cpe:2.3:a:1e:client:9.0.1.88:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "66EA1F19-4432-4D9F-82DD-91062B54284B"
},
{
"criteria": "cpe:2.3:a:1e:client:23.7.1.151:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "73A8F998-B3AF-46C6-B4E5-3FEF6EA25A99"
}
],
"operator": "OR"
}
]
}
]