CVE-2023-46595

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 2, 2023
Updated: Feb 15, 2024
CWE ID 79

Summary

CVE-2023-46595 is a vulnerability affecting the FireFlow VisualFlow workflow editor. An attacker can exploit this HTML injection flaw to trigger a Net-NTLM leak, exposing the victim's domain credentials and Net-NTLM hash. This vulnerability can potentially be used for relay domain attacks. The issue has been resolved in FireFlow versions A32.20 (b570 or above) and A32.50 (b390 or above).

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share