Insecure file handling in 1E client for windows

CVE-ID

CVE-2023-45160

Description

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. This has been fixed in patch Q23094 as the 1E Client’s temporary directory is now locked down.

CVSS3.1 Score

Base Score 8.8 (High)

CVSS3.1 Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem type

CWE 552: Files or Directories Accessible to External Parties