CVE-2023-42955

{"id": "CVE-2023-42955", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 0.6}]}, "published": "2024-05-14T13:46:21.790", "references": [{"url": "https://support.claris.com/s/article/Administrator-role-passwords-being-exposed-when-logged-into-the-Admin-Console?language=en_US", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.claris.com/s/article/Administrator-role-passwords-being-exposed-when-logged-into-the-Admin-Console?language=en_US", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-257"}]}], "descriptions": [{"lang": "en", "value": "Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket."}, {"lang": "es", "value": "Claris International ha resuelto con \u00e9xito un problema de exposici\u00f3n potencial de la informaci\u00f3n de la contrase\u00f1a a sitios web de front-end al iniciar sesi\u00f3n en la Consola de administraci\u00f3n con una funci\u00f3n de administrador. Este problema se solucion\u00f3 en FileMaker Server 20.3.1 eliminando el env\u00edo de contrase\u00f1as de la funci\u00f3n de administrador en el socket de Node.js."}], "lastModified": "2024-12-10T17:35:05.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B444E1C4-D337-40FE-A1C3-2D4DBFAD28CA", "versionEndExcluding": "20.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}