CVE-2023-43624
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Oct 23, 2023
Updated: Nov 1, 2023
CWE ID 611
Summary
CVE-2023-43624 is a vulnerability affecting CX-Designer Ver.3.740 and earlier versions, including those used in CX-One CXONE-AL[].[[]D-V4]. This issue involves an improper restriction of XML external entity references (XXE), which can lead to sensitive information disclosure. If a user opens a maliciously crafted project file, the attacker can potentially access and reveal file system data where CX-Designer is installed.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share