CVE-2023-2112: Desktop Component allows lateral movement between sessions
DESCRIPTION:
Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.
AFFECTED PRODUCTS:
M-Files Desktop before 23.4.12455.0
MORE INFORMATION:
Desktop component service launch session status function which allows lateral movement between sessions in M-Files.
CVSS 3.1 Score: 3.6
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE: CWE-284 Improper Access Control
CAPEC: CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
Internal ID: 166132
Date issued: 2023-04-20
LINKS
https://www.cve.org/CVERecord?id=CVE-2023-2112
HISTORY
2023-04-20 Published