HIGH🇬🇧 English

CVE-2023-45160

CVSS 8.8v3.1pub. 2023-10-05upd. 2025-05-20

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch. Resolution: This has been fixed in patch Q23094  This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • 1e Client

    APP
    1E
    23.7.1.1518.1.2.628.4.1.1599.0.1.88
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-45159HIGH8.4ten sam produkt

1E Client installer can perform arbitrary file deletion on protected files.   A non-privileged user could pro...

CVE-2020-16268HIGH8.8ten sam produkt

The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to ga...

CVE-2020-27644HIGH8.8ten sam produkt

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\...

CVE-2020-27645HIGH8.8ten sam produkt

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\...

CVE-2020-27643MEDIUM6.5ten sam produkt

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users a...