Security Vulnerabilities - CVEs Published In July 2023
CVE-2023-24489
Known exploited
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
CVSS Score
9.8
EPSS Score
0.944
Published
2023-07-10
Users with access only to launch VDA applications can launch an unauthorized desktop.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-07-10
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-07-10
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-10
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-07-10
A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233477 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.7
EPSS Score
0.01
Published
2023-07-10
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
CVSS Score
7.7
EPSS Score
0.003
Published
2023-07-10
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-07-10
Arbitrary file read in Citrix ADC and Citrix Gateway.
CVSS Score
6.3
EPSS Score
0.224
Published
2023-07-10
Cross-site scripting vulnerability in Citrix ADC and Citrix Gateway allows an attacker to perform cross-site scripting.
CVSS Score
6.1
EPSS Score
0.914
Published
2023-07-10

