nvd-json-data-feeds/CVE-2023/CVE-2023-63xx/CVE-2023-6336.json

{
  "id": "CVE-2023-6336",
  "sourceIdentifier": "security@hypr.com",
  "published": "2024-01-16T20:15:45.667",
  "lastModified": "2024-01-23T16:25:34.050",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.\n\n"
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de resoluci\u00f3n de enlace incorrecta antes del acceso al archivo (\"Link Following\") en HYPR Workforce Access en MacOS permite el nombre de archivo controlado por el usuario. Este problema afecta a Workforce Access: antes de 8.7."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      },
      {
        "source": "security@hypr.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.8
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ]
    },
    {
      "source": "security@hypr.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "8.7",
              "matchCriteriaId": "83E3E9E9-12B1-41CE-B254-894EDCC79B3F"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.hypr.com/security-advisories",
      "source": "security@hypr.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}