CVE-2023-50439

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 13, 2023
Updated: Dec 20, 2023

Summary

CVE-2023-50439 is a cyber vulnerability that affects ZED containers produced by PRIMX ZED! for Windows. The affected versions include ZED! for Windows before Q.2020.3, ZED! for Windows before Q.2021.2, ZONECENTRAL for Windows before Q.2021.2, ZONECENTRAL for Windows before 2023.5, and ZEDMAIL for Windows before 2023.5. This vulnerability allows an unauthenticated attacker to obtain certain information about the context of use, such as the project name, by disclosing the original path in which the containers were created. The risk score is 25, and the base severity is medium according to NIST's National Vulnerability Database (NVD). The exploitability score is 3.9 out of 10, indicating a moderate level of difficulty for exploitation. The confidentiality impact is low, and no privileges are required to exploit this vulnerability. It has a network attack vector and does not require any user interaction or affect integrity or availability.

To remediate this vulnerability, organizations should update their PRIMX ZED! products to versions Q.2020.3 or later for ZED! for Windows and versions Q.2021.2 or later for ZONECENTRAL and ZEDMAIL for Windows.

This vulnerability poses a potential danger to organizations using the affected PRIMX ZED! products as it allows unauthorized access to information about the containers' context of use. While the confidentiality impact is low, it can still provide valuable insights to attackers about projects and potentially aid in further exploitation or targeted attacks against the organization's infrastructure or sensitive data

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-50439 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options