Improper Link Resolution Vulnerability in HYPR Workforce Access for MacOS
CVE-2023-6336

7.2HIGH

Key Information:

Vendor: Hypr
Status: Workforce Access
Vendor: CVE Published:; 16 January 2024

What is CVE-2023-6336?

The vulnerability arises from an improper link resolution mechanism in HYPR's Workforce Access application on MacOS, which enables attackers to manipulate file access through user-controlled filenames. This flaw may lead to unauthorized access to sensitive files or execution of malicious code, posing a significant risk to systems utilizing pre-8.7 versions of the application. System administrators are urged to apply provided security measures to mitigate this issue.

Affected Version(s)

Workforce Access MacOS 0 < 8.7

References

https://www.hypr.com/security-advisories

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Nov 27, 2023

Hypr

What is CVE-2023-6336?

Affected Version(s)

References

CVSS V3.1

Timeline