CVE-2023-41137
09.11.2023, 15:15
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| appsanywhere | appsanywhere_client | 1.4.0 |
| appsanywhere | appsanywhere_client | 1.4.1 |
| appsanywhere | appsanywhere_client | 1.5.1 |
| appsanywhere | appsanywhere_client | 1.6.0 |
| appsanywhere | appsanywhere_client | 2.0.0 |
| appsanywhere | appsanywhere_client | 1.4.0 |
| appsanywhere | appsanywhere_client | 1.4.1 |
| appsanywhere | appsanywhere_client | 1.5.1 |
| appsanywhere | appsanywhere_client | 1.5.2 |
| appsanywhere | appsanywhere_client | 1.6.0 |
| appsanywhere | appsanywhere_client | 2.0.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-321 - Use of Hard-coded Cryptographic KeyThe use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.