6 vulnerabilities found for appsanywhere_client by appsanywhere
FKIE_CVE-2023-41137
Vulnerability from fkie_nvd - Published: 2023-11-09 15:15 - Updated: 2024-11-21 08:20
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (CNA score, source info@appcheck-ng.com, Secondary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD score, source nvd@nist.gov, Primary)
Summary
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.
References
Impacted products
| Vendor | Product | Version | Platform (CPE target_sw) |
|---|---|---|---|
| appsanywhere | appsanywhere_client | 1.4.0 | windows |
| appsanywhere | appsanywhere_client | 1.4.1 | windows |
| appsanywhere | appsanywhere_client | 1.5.1 | windows |
| appsanywhere | appsanywhere_client | 1.6.0 | windows |
| appsanywhere | appsanywhere_client | 2.0.0 | windows |
| appsanywhere | appsanywhere_client | 1.4.0 | macos |
| appsanywhere | appsanywhere_client | 1.4.1 | macos |
| appsanywhere | appsanywhere_client | 1.5.1 | macos |
| appsanywhere | appsanywhere_client | 1.5.2 | macos |
| appsanywhere | appsanywhere_client | 1.6.0 | macos |
| appsanywhere | appsanywhere_client | 2.0.0 | macos |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "A066D04C-B6DD-4F89-8C0A-DF9CBE036F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "FF9BC97D-2D43-4D4B-B339-C3DF7DA85FB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "B0531D44-F920-42A9-B781-F2189E72A767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "EC323630-9657-4738-B49F-1A43AD666020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "AA48D48B-9CDD-4742-AB06-14278E9B794A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "5694A750-1829-415C-B065-2C2A08DF2E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "4050A29D-EBB7-468A-B1B5-89DC9A6704DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "2B8B2F87-807B-4B88-8B81-F77D90EFB4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.2:*:*:*:*:macos:*:*",
"matchCriteriaId": "5B09E01F-FAA8-424D-8568-371A0B2B8B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "5149EA76-2BBC-4AF6-8F41-9EFBADF669F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "77E0BED8-DD64-47CD-9805-8020DA91D04E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server."
},
{
"lang": "es",
"value": "El cifrado sim\u00e9trico utilizado para proteger los mensajes entre el servidor y el cliente de AppsAnywhere se puede romper mediante ingenier\u00eda inversa en el cliente y utilizarse para hacerse pasar por el servidor de AppsAnywhere."
}
],
"id": "CVE-2023-41137",
"lastModified": "2024-11-21T08:20:39.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-09T15:15:08.333",
"references": [
{
"source": "info@appcheck-ng.com",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
}
],
"sourceIdentifier": "info@appcheck-ng.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-321"
}
],
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-41138
Vulnerability from fkie_nvd - Published: 2023-11-09 15:15 - Updated: 2024-11-21 08:20
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H (CNA score, source info@appcheck-ng.com, Secondary)
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD score, source nvd@nist.gov, Primary)
Summary
The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.
References
Impacted products
| Vendor | Product | Version | Platform (CPE target_sw) |
|---|---|---|---|
| appsanywhere | appsanywhere_client | 1.4.0 | macos |
| appsanywhere | appsanywhere_client | 1.4.1 | macos |
| appsanywhere | appsanywhere_client | 1.5.1 | macos |
| appsanywhere | appsanywhere_client | 1.5.2 | macos |
| appsanywhere | appsanywhere_client | 1.6.0 | macos |
| appsanywhere | appsanywhere_client | 2.0.0 | macos |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "5694A750-1829-415C-B065-2C2A08DF2E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "4050A29D-EBB7-468A-B1B5-89DC9A6704DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "2B8B2F87-807B-4B88-8B81-F77D90EFB4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.2:*:*:*:*:macos:*:*",
"matchCriteriaId": "5B09E01F-FAA8-424D-8568-371A0B2B8B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "5149EA76-2BBC-4AF6-8F41-9EFBADF669F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "77E0BED8-DD64-47CD-9805-8020DA91D04E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process."
},
{
"lang": "es",
"value": "Un proceso de usuario local puede enga\u00f1ar al asistente con privilegios de cliente de AppsAnywhere macOS para que ejecute comandos arbitrarios con permisos elevados."
}
],
"id": "CVE-2023-41138",
"lastModified": "2024-11-21T08:20:39.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-09T15:15:08.550",
"references": [
{
"source": "info@appcheck-ng.com",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
}
],
"sourceIdentifier": "info@appcheck-ng.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-226"
}
],
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2023-41137 (GCVE-0-2023-41137)
Vulnerability from cvelistv5 – Published: 2023-11-09 15:07 – Updated: 2024-10-28 20:48
Summary
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AppsAnywhere | AppsAnywhere Client | Affected: 1.4.0, 1.4.1, 1.5.1, 1.5.2, 1.6.0, 2.0.0. Unaffected: 1.6.1, 2.0.1, 2.2.0 |
Credits
Gaelan Steele
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:04.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "AppsAnywhere Security Advisory",
"tags": [
"x_transferred"
],
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.4.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.5.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.6.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.5.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:41:50.135678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T20:48:57.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AppsAnywhere Client",
"vendor": "AppsAnywhere",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.5.1"
},
{
"status": "affected",
"version": "1.5.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "unaffected",
"version": "1.6.1"
},
{
"status": "unaffected",
"version": "2.0.1"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gaelan Steele"
}
],
"descriptions": [
{
"lang": "en",
"value": "Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of Hard-coded Cryptographic Key",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T15:07:51.211Z",
"orgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"shortName": "AppCheck"
},
"references": [
{
"name": "AppsAnywhere Security Advisory",
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
}
],
"x_generator": {
"engine": "cveClient/1.0.14"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"assignerShortName": "AppCheck",
"cveId": "CVE-2023-41137",
"datePublished": "2023-11-09T15:07:51.211Z",
"dateReserved": "2023-08-23T16:10:33.947Z",
"dateUpdated": "2024-10-28T20:48:57.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41138 (GCVE-0-2023-41138)
Vulnerability from cvelistv5 – Published: 2023-11-09 15:05 – Updated: 2024-09-04 13:38
Summary
The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.
Severity ?
7.5 (High)
CWE
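- CWE-226 - Incorrect Privilege Assignment (ID and name as supplied by the CNA; they do not match each other, since "Incorrect Privilege Assignment" is the title of CWE-266, and the CISA ADP container in the record below classifies the issue as CWE-269 Improper Privilege Management)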
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AppsAnywhere | AppsAnywhere Client | Affected: 1.4.0, 1.4.1, 1.5.1, 1.5.2, 1.6.0, 2.0.0. Unaffected: 1.6.1, 2.0.1, 2.2.0 |
Credits
Gaelan Steele
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:02.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "AppsAnywhere Security Advisory",
"tags": [
"x_transferred"
],
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.4.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.5.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.2:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.5.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.6.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:35:31.902425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T13:38:11.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AppsAnywhere Client",
"vendor": "AppsAnywhere",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.5.1"
},
{
"status": "affected",
"version": "1.5.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "unaffected",
"version": "1.6.1"
},
{
"status": "unaffected",
"version": "2.0.1"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gaelan Steele"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-226",
"description": "Incorrect Privilege Assignment",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T15:05:24.035Z",
"orgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"shortName": "AppCheck"
},
"references": [
{
"name": "AppsAnywhere Security Advisory",
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
}
],
"x_generator": {
"engine": "cveClient/1.0.14"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"assignerShortName": "AppCheck",
"cveId": "CVE-2023-41138",
"datePublished": "2023-11-09T15:05:24.035Z",
"dateReserved": "2023-08-23T16:10:33.947Z",
"dateUpdated": "2024-09-04T13:38:11.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41137 (GCVE-0-2023-41137)
Vulnerability from nvd – Published: 2023-11-09 15:07 – Updated: 2024-10-28 20:48
Summary
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AppsAnywhere | AppsAnywhere Client | Affected: 1.4.0, 1.4.1, 1.5.1, 1.5.2, 1.6.0, 2.0.0. Unaffected: 1.6.1, 2.0.1, 2.2.0 |
Credits
Gaelan Steele
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:04.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "AppsAnywhere Security Advisory",
"tags": [
"x_transferred"
],
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.4.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.5.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.6.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.5.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:41:50.135678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T20:48:57.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AppsAnywhere Client",
"vendor": "AppsAnywhere",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.5.1"
},
{
"status": "affected",
"version": "1.5.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "unaffected",
"version": "1.6.1"
},
{
"status": "unaffected",
"version": "2.0.1"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gaelan Steele"
}
],
"descriptions": [
{
"lang": "en",
"value": "Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of Hard-coded Cryptographic Key",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T15:07:51.211Z",
"orgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"shortName": "AppCheck"
},
"references": [
{
"name": "AppsAnywhere Security Advisory",
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
}
],
"x_generator": {
"engine": "cveClient/1.0.14"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"assignerShortName": "AppCheck",
"cveId": "CVE-2023-41137",
"datePublished": "2023-11-09T15:07:51.211Z",
"dateReserved": "2023-08-23T16:10:33.947Z",
"dateUpdated": "2024-10-28T20:48:57.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41138 (GCVE-0-2023-41138)
Vulnerability from nvd – Published: 2023-11-09 15:05 – Updated: 2024-09-04 13:38
Summary
The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.
Severity ?
7.5 (High)
CWE
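- CWE-226 - Incorrect Privilege Assignment (ID and name as supplied by the CNA; they do not match each other, since "Incorrect Privilege Assignment" is the title of CWE-266, and the CISA ADP container in the record below classifies the issue as CWE-269 Improper Privilege Management)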
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AppsAnywhere | AppsAnywhere Client | Affected: 1.4.0, 1.4.1, 1.5.1, 1.5.2, 1.6.0, 2.0.0. Unaffected: 1.6.1, 2.0.1, 2.2.0 |
Credits
Gaelan Steele
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:02.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "AppsAnywhere Security Advisory",
"tags": [
"x_transferred"
],
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.4.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.5.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.2:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.5.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "1.6.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "appsanywhere_client",
"vendor": "appsanywhere",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:35:31.902425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T13:38:11.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AppsAnywhere Client",
"vendor": "AppsAnywhere",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.5.1"
},
{
"status": "affected",
"version": "1.5.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "unaffected",
"version": "1.6.1"
},
{
"status": "unaffected",
"version": "2.0.1"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gaelan Steele"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-226",
"description": "Incorrect Privilege Assignment",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T15:05:24.035Z",
"orgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"shortName": "AppCheck"
},
"references": [
{
"name": "AppsAnywhere Security Advisory",
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
}
],
"x_generator": {
"engine": "cveClient/1.0.14"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"assignerShortName": "AppCheck",
"cveId": "CVE-2023-41138",
"datePublished": "2023-11-09T15:05:24.035Z",
"dateReserved": "2023-08-23T16:10:33.947Z",
"dateUpdated": "2024-09-04T13:38:11.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}