e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN15808274/ | Third Party Advisory |
https://shinsei.e-gov.go.jp/contents/news/2023-03-12t1022040900_1318.html | Release Notes |
Configurations
Configuration 1 (hide)
|
History
18 Oct 2023, 01:26
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
First Time |
E-gov e-gov
E-gov |
|
CPE | cpe:2.3:a:e-gov:e-gov:*:*:*:*:*:macos:*:* cpe:2.3:a:e-gov:e-gov:*:*:*:*:*:windows:*:* |
|
References | (MISC) https://jvn.jp/en/jp/JVN15808274/ - Third Party Advisory | |
References | (MISC) https://shinsei.e-gov.go.jp/contents/news/2023-03-12t1022040900_1318.html - Release Notes |
11 Oct 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-11 01:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-44689
Mitre link : CVE-2023-44689
CVE.ORG link : CVE-2023-44689
JSON object : View
Products Affected
e-gov
- e-gov
CWE
CWE-862
Missing Authorization