CVE-2023-35800
First published: Tue Jun 27 2023(Updated: )
Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Stormshield Endpoint Security | >=2.0.0<=2.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-35800.
What is the title of the vulnerability?
The title of the vulnerability is 'Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions.'
What is the severity of the vulnerability?
The severity of the vulnerability is medium with a CVSS score of 4.3.
What is the affected software?
The affected software is Stormshield Endpoint Security Evolution versions 2.0.0 through 2.4.2.
How can this vulnerability be exploited?
An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, potentially granting access to information reserved for administrators.
- collector/nvd-index
- vendor/stormshield
- canonical/stormshield endpoint security
- version/stormshield endpoint security/2.0.0
- version/stormshield endpoint security/2.4.2