Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above)
References
Link | Resource |
---|---|
https://cwe.mitre.org/data/definitions/79.html |
Configurations
Configuration 1 (hide)
|
History
15 Feb 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above) | |
References |
|
|
01 Feb 2024, 02:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46595.htm - Third Party Advisory | |
CPE | cpe:2.3:a:algosec:fireflow:a32.60:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
28 Nov 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
22 Nov 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workflow editor using Name and Description field. It also impacts FireFlow's VisualFlow workflow editor outbound actions using Name and Category parameter. Fixed in version A32.20 (b570 and above), A32.50 (b400 and above), A32.60 (b220 and above) |
16 Nov 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workflow editor using Name and Description field. It also impacts FireFlow's VisualFlow workflow editor outbound actions using Name and Category parameter. Fixed in version A32.20 (b570 and above) |
14 Nov 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Net-NTLM leak in Fireflow A32.20 allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in version A32.20 (b570 and above) |
14 Nov 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in version A32.20 (b570 and above) and A32.50 (b390 and above) |
09 Nov 2023, 17:47
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CWE | CWE-79 | |
References | (MISC) https://cwe.mitre.org/data/definitions/79.html - Technical Description | |
CPE | cpe:2.3:a:algosec:fireflow:a32.50:*:*:*:*:*:*:* cpe:2.3:a:algosec:fireflow:a32.20:*:*:*:*:*:*:* |
|
First Time |
Algosec
Algosec fireflow |
02 Nov 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-02 08:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-46595
Mitre link : CVE-2023-46595
CVE.ORG link : CVE-2023-46595
JSON object : View
Products Affected
algosec
- fireflow
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')