CVE-2023-41137

Published: Nov 9, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.

Affected (11)

Products: Appsanywhere: Appsanywhere Client

Appsanywhere

1 product

Appsanywhere Client

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Appsanywhere Appsanywhere Client	Version 1.4.0
Appsanywhere Appsanywhere Client	Version 1.4.1
Appsanywhere Appsanywhere Client	Version 1.5.1
Appsanywhere Appsanywhere Client	Version 1.6.0
Appsanywhere Appsanywhere Client	Version 2.0.0

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Appsanywhere Appsanywhere Client	Version 1.4.0
Appsanywhere Appsanywhere Client	Version 1.4.1
Appsanywhere Appsanywhere Client	Version 1.5.1
Appsanywhere Appsanywhere Client	Version 1.5.2
Appsanywhere Appsanywhere Client	Version 1.6.0
Appsanywhere Appsanywhere Client	Version 2.0.0

Related CWEs

CWE-321

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory

Source: info@appcheck-ng.com

Vendor Advisory

https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.