TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTsplus Remote Work
APPTsplus≤ 16.0.0.0
Related vulnerabilities
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the...
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Ever...
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within ...
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Ever...