CVE-2023-4003

Summary

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges.

Affected Software

VendorProductVersion RangeStatus
OneOneversion 5.9.7.1 <= upgrade to versions 5.12.2, 5.11.2 or 5.13affected

Weaknesses

  • CWE-250: CWE-250 -Execution with Unnecessary Privileges.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References