CVE-2023-41137

Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory	Vendor Advisory
https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:::::windows::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:::::windows::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:::::windows::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:::::windows::
	cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:::::windows::

Configuration 2 (hide)

OR	cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:::::macos::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:::::macos::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:::::macos::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.2:::::macos::
	cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:::::macos::
	cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:::::macos::

History

21 Nov 2024, 08:20

Type	Values Removed	Values Added
References	~~() https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory - Vendor Advisory~~	() https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 8.0

04 Sep 2024, 14:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-09 15:15

Updated : 2024-11-21 08:20

NVD link : CVE-2023-41137

Mitre link : CVE-2023-41137

CVE.ORG link : CVE-2023-41137

JSON object : View

Products Affected

appsanywhere

appsanywhere_client

CWE

CWE-321

Use of Hard-coded Cryptographic Key

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2023-41137", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "info@appcheck-ng.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-11-09T15:15:08.333", "references": [{"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory", "tags": ["Vendor Advisory"], "source": "info@appcheck-ng.com"}, {"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "info@appcheck-ng.com", "description": [{"lang": "en", "value": "CWE-321"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server."}, {"lang": "es", "value": "El cifrado sim\u00e9trico utilizado para proteger los mensajes entre el servidor y el cliente de AppsAnywhere se puede romper mediante ingenier\u00eda inversa en el cliente y utilizarse para hacerse pasar por el servidor de AppsAnywhere."}], "lastModified": "2024-11-21T08:20:39.283", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "A066D04C-B6DD-4F89-8C0A-DF9CBE036F6F"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "FF9BC97D-2D43-4D4B-B339-C3DF7DA85FB0"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B0531D44-F920-42A9-B781-F2189E72A767"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "EC323630-9657-4738-B49F-1A43AD666020"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "AA48D48B-9CDD-4742-AB06-14278E9B794A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.0:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "5694A750-1829-415C-B065-2C2A08DF2E4E"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.4.1:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "4050A29D-EBB7-468A-B1B5-89DC9A6704DC"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.1:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "2B8B2F87-807B-4B88-8B81-F77D90EFB4E3"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.5.2:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "5B09E01F-FAA8-424D-8568-371A0B2B8B93"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:1.6.0:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "5149EA76-2BBC-4AF6-8F41-9EFBADF669F4"}, {"criteria": "cpe:2.3:a:appsanywhere:appsanywhere_client:2.0.0:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "77E0BED8-DD64-47CD-9805-8020DA91D04E"}], "operator": "OR"}]}], "sourceIdentifier": "info@appcheck-ng.com"}