← Back

CVE-2023-50444

nvd nist
Published: Dec 13, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.

Affected (6)

Primx
3 products
Zed!
Zedmail
Zonecentral
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Primx
Zed!
Before q.2020.3
Zed!
From 2023.0 to 2023.5
Zed!
From q.2021.0 to q.2021.2
Zedmail
Before 2023.5
Primx
Zonecentral
Before q.2021.2
Zonecentral
From 2023.0 to 2023.5

Related CWEs

CWE-307
Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product

Timeline

No history available yet.