» CVE

CVE-2023-4896

Posted on 2023년 10월 18일2023년 10월 18일 by admin

CVE-2023-4896

A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.

Source: CVE-2023-4896

CVE-2023-27133

Posted on 2023년 10월 18일2023년 10월 18일 by admin

CVE-2023-27133

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%TSplus-RemoteWorkClientswww folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.

Source: CVE-2023-27133

CVE-2023-27132

Posted on 2023년 10월 18일2023년 10월 18일 by admin

CVE-2023-27132

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product.

Source: CVE-2023-27132

CVE-2023-37537

Posted on 2023년 10월 18일2023년 10월 18일 by admin

CVE-2023-37537

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges.

Source: CVE-2023-37537