How severe is CVE-2023-45160?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2023-45160?

This is classified as CWE-552, which is a common weakness in software security.

CVE-2023-45160 - HIGH Severity | CVSS 8.8

Vulnerability Description

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch. Resolution: This has been fixed in patch Q23094 This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.

Related Vulnerabilities

CVE-2021-20182

HIGH

CVSS:8.8(High)

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to th...

CWE-5522021

CVE-2021-4112

HIGH

CVSS:8.8(High)

A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user ...

CWE-5522021

CVE-2022-25297

HIGH

CVSS:8.8(High)

This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations o...

CWE-5522022

CVE-2022-32143

HIGH

CVSS:8.8(High)

In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller on...

CWE-5522022

CVE-2022-42234

HIGH

CVSS:8.8(High)

There is a file inclusion vulnerability in the template management module in UCMS 1.6

CWE-5522022

CVE-2023-20235

HIGH

CVSS:8.8(High)

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to...

CWE-5522023