CVE-2023-41972

{"id": "CVE-2023-41972", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@zscaler.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.8}]}, "published": "2024-03-26T15:15:48.407", "references": [{"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196", "source": "cve@zscaler.com"}, {"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve@zscaler.com", "description": [{"lang": "en", "value": "CWE-280"}]}], "descriptions": [{"lang": "en", "value": "In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later."}, {"lang": "es", "value": "En algunos casos excepcionales, falta una validaci\u00f3n del tipo de contrase\u00f1a en la verificaci\u00f3n de revertir contrase\u00f1a y, para algunas funciones, podr\u00eda estar deshabilitada. Versi\u00f3n fija: Win ZApp 4.3.0.121 y posteriores."}], "lastModified": "2024-11-21T08:22:01.373", "sourceIdentifier": "cve@zscaler.com"}