In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between November 15-16, 2023.
During this period, The National Vulnerability Database published 75, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 1
High: 17
Medium: 19
Low: 3
Severity Not Assigned: 35
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-31100
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification.
This issue affects SecureCore™ Technology™ 4:
* from 4.3.0.0 before 4.3.0.203
*
from
4.3.1.0 before 4.3.1.163
*
from
4.4.0.0 before 4.4.0.217
*
from
4.5.0.0 before 4.5.0.138
References: https://www.phoenix.com/security-notifications/
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-35080
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
References: https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-38043
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: When a specific component is loaded a local attacker and is able to send a specially crafted request to this component, the attacker could gain elevated privileges on the affected system.
References: https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-38543
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: When a specific component is loaded a local attacker and is able to send a specially crafted request to this component, the attacker could gain elevated privileges on the affected system.
References: https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-41718
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
References: https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-43590
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
References: https://explore.zoom.us/en/trust/security/security-bulletin/
CWE-ID: CWE-59
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-43591
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
References: https://explore.zoom.us/en/trust/security/security-bulletin/
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-5984
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description:
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow
modified firmware to be uploaded when an authorized admin user begins a firmware update
procedure.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-5986
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description:
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input
attackers can cause the software’s web application to redirect to the chosen domain after a
successful login is performed.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf
CWE-ID: CWE-601
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-46672
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.
The prerequisites for the manifestation of this issue are:
* Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format.
* Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.
References: https://discuss.elastic.co/t/logstash-8-11-1-security-update-esa-2023-26/347191
https://www.elastic.co/community/security
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-34062
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
References: https://spring.io/security/cve-2023-34062
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-5245
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.
When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract().
Arbitrary file creation can directly lead to code execution
References: https://github.com/combust/mleap/pull/866#issuecomment-1738032225
https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-5720
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.
References: https://access.redhat.com/security/cve/CVE-2023-5720
https://bugzilla.redhat.com/show_bug.cgi?id=2245700
CWE-ID: CWE-526
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-33873
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
References: https://www.aveva.com/en/support-and-success/cyber-security-updates/
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01
CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-22818
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for
Windows that could allow attackers with local access to execute arbitrary code by executing the installer
in the same folder as the malicious DLL. This can lead to the execution of arbitrary
code with the privileges of the vulnerable application or obtain a certain level of persistence
on the compromised host.
References: https://www.westerndigital.com/support/product-security/wdc-23013-sandisk-security-installer-for-windows-1-0-0-25
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-47637
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311
https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0
https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-48224
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller users of the Fides web application. Privacy requests allow data subjects to submit a request to access all person data held by the data controller, or delete/erase it. Consent request allows data subject users to modify their privacy preferences for how the data controller uses their personal data e.g. data sales and sharing consent opt-in/opt-out. If `subject_identity_verification_required` in the `[execution]` section of `fides.toml` or the env var `FIDES__EXECUTION__SUBJECT_IDENTITY_VERIFICATION_REQUIRED` is set to `True` on the fides webserver backend, data subjects are sent a one-time code to their email address or phone number, depending on messaging configuration, and the one-time code must be entered in the Privacy Center UI by the data subject before the privacy or consent request is submitted. It was identified that the one-time code values for these requests were generated by the python `random` module, a cryptographically weak pseduo-random number generator (PNRG). If an attacker generates several hundred consecutive one-time codes, this vulnerability allows the attacker to predict all future one-time code values during the lifetime of the backend python process. There is no security impact on data access requests as the personal data download package is not shared in the Privacy Center itself. However, this vulnerability allows an attacker to (i) submit a verified data erasure request, resulting in deletion of data for the targeted user and (ii) submit a verified consent request, modifying a user's privacy preferences. The vulnerability has been patched in Fides version `2.24.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no known workarounds for this vulnerability.
References: https://github.com/ethyca/fides/commit/685bae61c203d29ed189f4b066a5223a9bb774c6
https://github.com/ethyca/fides/security/advisories/GHSA-82vr-5769-6358
https://peps.python.org/pep-0506/
CWE-ID: CWE-338
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-48365
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.8
Description: Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. NOTE: this issue exists because of an incomplete fix for CVE-2023-41265.
References: https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between November 15-16, 2023.
During this period, The National Vulnerability Database published 75, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 1
High: 17
Medium: 19
Low: 3
Severity Not Assigned: 35
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-31100
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification.
This issue affects SecureCore™ Technology™ 4:
* from 4.3.0.0 before 4.3.0.203
*
from
4.3.1.0 before 4.3.1.163
*
from
4.4.0.0 before 4.4.0.217
*
from
4.5.0.0 before 4.5.0.138
References: https://www.phoenix.com/security-notifications/
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-35080
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
References: https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-38043
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: When a specific component is loaded a local attacker and is able to send a specially crafted request to this component, the attacker could gain elevated privileges on the affected system.
References: https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-38543
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: When a specific component is loaded a local attacker and is able to send a specially crafted request to this component, the attacker could gain elevated privileges on the affected system.
References: https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-41718
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
References: https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-43590
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
References: https://explore.zoom.us/en/trust/security/security-bulletin/
CWE-ID: CWE-59
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-43591
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
References: https://explore.zoom.us/en/trust/security/security-bulletin/
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-5984
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description:
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow
modified firmware to be uploaded when an authorized admin user begins a firmware update
procedure.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-5986
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description:
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input
attackers can cause the software’s web application to redirect to the chosen domain after a
successful login is performed.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf
CWE-ID: CWE-601
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-46672
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.8
Description: An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.
The prerequisites for the manifestation of this issue are:
* Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format.
* Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.
References: https://discuss.elastic.co/t/logstash-8-11-1-security-update-esa-2023-26/347191
https://www.elastic.co/community/security
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-34062
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
References: https://spring.io/security/cve-2023-34062
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-5245
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.
When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract().
Arbitrary file creation can directly lead to code execution
References: https://github.com/combust/mleap/pull/866#issuecomment-1738032225
https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-5720
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.
References: https://access.redhat.com/security/cve/CVE-2023-5720
https://bugzilla.redhat.com/show_bug.cgi?id=2245700
CWE-ID: CWE-526
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-33873
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
References: https://www.aveva.com/en/support-and-success/cyber-security-updates/
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01
CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-22818
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for
Windows that could allow attackers with local access to execute arbitrary code by executing the installer
in the same folder as the malicious DLL. This can lead to the execution of arbitrary
code with the privileges of the vulnerable application or obtain a certain level of persistence
on the compromised host.
References: https://www.westerndigital.com/support/product-security/wdc-23013-sandisk-security-installer-for-windows-1-0-0-25
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-47637
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311
https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0
https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-48224
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller users of the Fides web application. Privacy requests allow data subjects to submit a request to access all person data held by the data controller, or delete/erase it. Consent request allows data subject users to modify their privacy preferences for how the data controller uses their personal data e.g. data sales and sharing consent opt-in/opt-out. If `subject_identity_verification_required` in the `[execution]` section of `fides.toml` or the env var `FIDES__EXECUTION__SUBJECT_IDENTITY_VERIFICATION_REQUIRED` is set to `True` on the fides webserver backend, data subjects are sent a one-time code to their email address or phone number, depending on messaging configuration, and the one-time code must be entered in the Privacy Center UI by the data subject before the privacy or consent request is submitted. It was identified that the one-time code values for these requests were generated by the python `random` module, a cryptographically weak pseduo-random number generator (PNRG). If an attacker generates several hundred consecutive one-time codes, this vulnerability allows the attacker to predict all future one-time code values during the lifetime of the backend python process. There is no security impact on data access requests as the personal data download package is not shared in the Privacy Center itself. However, this vulnerability allows an attacker to (i) submit a verified data erasure request, resulting in deletion of data for the targeted user and (ii) submit a verified consent request, modifying a user's privacy preferences. The vulnerability has been patched in Fides version `2.24.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no known workarounds for this vulnerability.
References: https://github.com/ethyca/fides/commit/685bae61c203d29ed189f4b066a5223a9bb774c6
https://github.com/ethyca/fides/security/advisories/GHSA-82vr-5769-6358
https://peps.python.org/pep-0506/
CWE-ID: CWE-338
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-48365
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.8
Description: Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. NOTE: this issue exists because of an incomplete fix for CVE-2023-41265.
References: https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found