CVE-2023-32546

EUVD-2023-36790
Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA-ADPADP
4.4 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
chatworkchatwork
𝑥
≤ 2.6.43
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://go.chatwork.com/ja/download/
https://jvn.jp/en/jp/JVN96828492/
https://go.chatwork.com/ja/download/
https://jvn.jp/en/jp/JVN96828492/