CVE-2023-35800

Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:stormshield:endpoint_security:*:*:*:*:*:*:*:*

History

05 Jul 2023, 13:40

Type Values Removed Values Added
CWE CWE-732
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
CPE cpe:2.3:a:stormshield:endpoint_security:*:*:*:*:*:*:*:*
References (CONFIRM) https://advisories.stormshield.eu/2023-021/ - (CONFIRM) https://advisories.stormshield.eu/2023-021/ - Vendor Advisory
References (MISC) https://advisories.stormshield.eu - (MISC) https://advisories.stormshield.eu - Vendor Advisory

27 Jun 2023, 18:34

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-27 17:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-35800

Mitre link : CVE-2023-35800

CVE.ORG link : CVE-2023-35800


JSON object : View

Products Affected

stormshield

  • endpoint_security
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource