CRITICAL🇵🇱 Wersja polska

CVE-2023-27133

CVSS 9.8v3.1pub. 2023-10-17upd. 2024-11-21

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tsplus Remote Work

    APP
    Tsplus
    ≤ 16.0.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2023-27132CRITICAL9.8ten sam produkt

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the...

CVE-2023-31068CRITICAL9.8ten sam produkt

An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Ever...

CVE-2023-31069CRITICAL9.8ten sam produkt

An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within ...

CVE-2023-31067CRITICAL9.8ten sam vendor

An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Ever...