CVE-2023-50440

ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
primxzed\!
𝑥
< 2023.5
primxzed\!
𝑥
< 2023.5
primxzed\!
𝑥
< 2023.5
primxzed\!
𝑥
< 2023.5
primxzed\!
𝑥
< 2023.5
primxzed\!
𝑥
< 2023.5
primxzed\!
𝑥
< 2023.5
primxzed\!
𝑥
< 2023.5
primxzed\!
2023.0 ≤
𝑥
< 2023.5
primxzedmail
𝑥
< 2023.5
primxzonecentral
2023.0 ≤
𝑥
< 2023.5
𝑥
= Vulnerable software versions
References
https://www.primx.eu/en/bulletins/security-bulletin-23B30931/
https://www.primx.eu/fr/blog/
https://www.primx.eu/en/bulletins/security-bulletin-23B30931/
https://www.primx.eu/fr/blog/