Insecure Permissions in Stormshield Endpoint Security by Stormshield
CVE-2023-35800

4.3 MEDIUM

Key Information:

Vendor
CVE Published: 27 June 2023

What is CVE-2023-35800?

Stormshield Endpoint Security (versions 2.0.0 through 2.4.2) is affected by an insecure permissions vulnerability that exposes sensitive data. The ACL on the SES Evolution agent directory, which stores agent logs, is too permissive and allows interactive users to access this data. As a result, unauthorized users can read potentially sensitive information that should be restricted to administrators, creating a risk of data breaches and unauthorized access.

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
