CVE-2023-2112: Desktop Component allows lateral movement between sessions

DESCRIPTION:

Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.

AFFECTED PRODUCTS:

M-Files Desktop before 23.4.12455.0

MORE INFORMATION:

Desktop component service launch session status function which allows lateral movement between sessions in M-Files.

CVSS 3.1 Score: 3.6

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-284 Improper Access Control

CAPEC: CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs

Internal ID: 166132

Date issued: 2023-04-20

LINKS

https://www.cve.org/CVERecord?id=CVE-2023-2112

HISTORY

2023-04-20 Published