CVE-2023-41137

Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:::::windows::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:::::windows::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:::::windows::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:::::windows::
	cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:::::windows::

Configuration 2 (hide)

OR	cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:::::macos::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:::::macos::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:::::macos::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.2:::::macos::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:::::macos::
	cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:::::macos::

History

04 Sep 2024, 14:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-09 15:15

Updated : 2024-09-04 14:35

NVD link : CVE-2023-41137

Mitre link : CVE-2023-41137

CVE.ORG link : CVE-2023-41137

JSON object : View

Products Affected

appsanywhere

appsanywhere_client

CWE

CWE-798

Use of Hard-coded Credentials

CWE-321

Use of Hard-coded Cryptographic Key

{"id": "CVE-2023-41137", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "info@appcheck-ng.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2023-11-09T15:15:08.333", "references": [{"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory", "tags": ["Vendor Advisory"], "source": "info@appcheck-ng.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Secondary", "source": "info@appcheck-ng.com", "description": [{"lang": "en", "value": "CWE-321"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-321"}]}], "descriptions": [{"lang": "en", "value": "Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server."}, {"lang": "es", "value": "El cifrado sim\u00e9trico utilizado para proteger los mensajes entre el servidor y el cliente de AppsAnywhere se puede romper mediante ingenier\u00eda inversa en el cliente y utilizarse para hacerse pasar por el servidor de AppsAnywhere."}], "lastModified": "2024-09-04T14:35:04.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "A066D04C-B6DD-4F89-8C0A-DF9CBE036F6F"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "FF9BC97D-2D43-4D4B-B339-C3DF7DA85FB0"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B0531D44-F920-42A9-B781-F2189E72A767"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "EC323630-9657-4738-B49F-1A43AD666020"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "AA48D48B-9CDD-4742-AB06-14278E9B794A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "5694A750-1829-415C-B065-2C2A08DF2E4E"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "4050A29D-EBB7-468A-B1B5-89DC9A6704DC"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "2B8B2F87-807B-4B88-8B81-F77D90EFB4E3"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.2:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "5B09E01F-FAA8-424D-8568-371A0B2B8B93"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "5149EA76-2BBC-4AF6-8F41-9EFBADF669F4"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "77E0BED8-DD64-47CD-9805-8020DA91D04E"}], "operator": "OR"}]}], "sourceIdentifier": "info@appcheck-ng.com"}