Path Traversal Vulnerability in HYPR Workforce Access for Windows
CVE-2023-5097

7HIGH

Key Information:

Vendor: Hypr
Status: Workforce Access
Vendor: CVE Published:; 16 January 2024

What is CVE-2023-5097?

An improper input validation vulnerability exists in HYPR Workforce Access for Windows, allowing attackers to exploit path traversal vulnerabilities. This issue specifically impacts versions of Workforce Access prior to 8.7, potentially enabling unauthorized access and manipulation of file systems. Organizations using affected versions are advised to update to the latest release to mitigate risks associated with this security flaw.

Affected Version(s)

Workforce Access Windows 0 < 8.7

References

https://www.hypr.com/security-advisories

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Sep 20, 2023

Hypr

What is CVE-2023-5097?

Affected Version(s)

References

CVSS V3.1

Timeline