CVE-2023-42920 - Vulnerability Details - OpenCVE

Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00076.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Apple	Macos
Claris	Claris Pro Filemaker Pro

Configuration 1 [-]

AND

OR	cpe:2.3:a:claris:claris_pro:-:::::::*
	cpe:2.3:a:claris:filemaker_pro::::::::

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.claris.com/s/article/FileMaker-Security-Information?language=en_US

History

Wed, 26 Mar 2025 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-427
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 09 Dec 2024 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos Claris Claris claris Pro Claris filemaker Pro
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:claris:claris_pro:-:::::::* cpe:2.3:a:claris:filemaker_pro:::::::: cpe:2.3:o:apple:macos:-:::::::*
Vendors & Products		Apple Apple macos Claris Claris claris Pro Claris filemaker Pro

Tue, 27 Aug 2024 15:00:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-03-19T16:46:46.325Z

Updated: 2025-03-26T20:49:39.125Z

Reserved: 2023-09-14T19:05:11.463Z

Link: CVE-2023-42920

Vulnrichment

Updated: 2024-08-02T19:30:25.330Z

NVD

Status : Modified

Published: 2024-03-19T17:15:08.503

Modified: 2025-03-26T21:15:19.693

Link: CVE-2023-42920

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42920", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2023-09-14T19:05:11.463Z", "datePublished": "2024-03-19T16:46:46.325Z", "dateUpdated": "2025-03-26T20:49:39.125Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Exploiting this vulnerability enables an attacker to execute custom code on behalf of FileMaker Pro or Claris Pro, even without the user having proper access. This flaw may potentially lead to unauthorized access to sensitive user information or the execution of unauthorized actions within the application."}]}], "affected": [{"vendor": "Claris", "product": "FileMaker Pro", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "20.2", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS."}], "references": [{"url": "https://support.claris.com/s/article/FileMaker-Security-Information?language=en_US"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-03-19T16:46:46.325Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:25.330Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.claris.com/s/article/FileMaker-Security-Information?language=en_US", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "affected": [{"vendor": "claris", "product": "filemaker_pro", "cpes": ["cpe:2.3:a:claris:filemaker_pro:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "20.2", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-28T18:59:18.670696Z", "id": "CVE-2023-42920", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T20:49:39.125Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.claris.com/s/article/FileMaker-Security-Information?language=en_US", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:25.330Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-42920", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-28T18:59:18.670696Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:claris:filemaker_pro:*:*:*:*:*:*:*:*"], "vendor": "claris", "product": "filemaker_pro", "versions": [{"status": "affected", "version": "0", "lessThan": "20.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T14:05:59.114Z"}}], "cna": {"affected": [{"vendor": "Claris", "product": "FileMaker Pro", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "20.2", "versionType": "custom"}]}], "references": [{"url": "https://support.claris.com/s/article/FileMaker-Security-Information?language=en_US"}], "descriptions": [{"lang": "en", "value": "Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Exploiting this vulnerability enables an attacker to execute custom code on behalf of FileMaker Pro or Claris Pro, even without the user having proper access. This flaw may potentially lead to unauthorized access to sensitive user information or the execution of unauthorized actions within the application."}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-03-19T16:46:46.325Z"}}}, "cveMetadata": {"cveId": "CVE-2023-42920", "state": "PUBLISHED", "dateUpdated": "2025-03-26T20:49:39.125Z", "dateReserved": "2023-09-14T19:05:11.463Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-03-19T16:46:46.325Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:claris:claris_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "418A8FB9-C131-4D98-8520-6743015282EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:claris:filemaker_pro:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEA196D3-EE08-4B4C-B5FD-8B4B18DF7661", "versionEndExcluding": "20.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS."}, {"lang": "es", "value": "Claris International ha solucionado una vulnerabilidad de secuestro de dylib en las versiones FileMaker Pro.app y Claris Pro.app en macOS."}], "id": "CVE-2023-42920", "lastModified": "2025-03-26T21:15:19.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-19T17:15:08.503", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.claris.com/s/article/FileMaker-Security-Information?language=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.claris.com/s/article/FileMaker-Security-Information?language=en_US"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}