Vulnerability Details CVE-2023-44437
Ashlar-Vellum Cobalt Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process.
. Was ZDI-CAN-21540.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.0%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2023-44437
-
cpe:2.3:a:ashlar:cobalt:11.0.1111
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.47
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.48
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.49
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.50
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.51
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.52
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.53
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.54
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.55
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.56
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.57
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.58
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.59
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.60
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.61
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.62
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.63
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.64
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.66
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.67
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.68
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.69
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.75
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.76
-
cpe:2.3:a:ashlar:cobalt:12.0.1204.77