In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch.
Resolution: This has been fixed in patch Q23094
This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site.
Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: 1E
Published: 2023-10-05T15:12:20.743Z
Updated: 2024-09-19T19:08:24.798Z
Reserved: 2023-10-04T23:59:54.078Z
Link: CVE-2023-45160
Vulnrichment
Updated: 2024-08-02T20:14:19.027Z
NVD
Status : Modified
Published: 2023-10-05T16:15:12.167
Modified: 2024-11-21T08:26:27.673
Link: CVE-2023-45160
Redhat
No data.