CVE-2023-41137

Summary

Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.

Affected Software

VendorProductVersion RangeStatus
AppsAnywhereAppsAnywhere Client1.4.0affected
AppsAnywhereAppsAnywhere Client1.4.1affected
AppsAnywhereAppsAnywhere Client1.5.1affected
AppsAnywhereAppsAnywhere Client1.5.2affected
AppsAnywhereAppsAnywhere Client1.6.0affected
AppsAnywhereAppsAnywhere Client2.0.0affected
AppsAnywhereAppsAnywhere Client1.6.1unaffected
AppsAnywhereAppsAnywhere Client2.0.1unaffected
AppsAnywhereAppsAnywhere Client2.2.0unaffected

Weaknesses

  • CWE-321: Use of Hard-coded Cryptographic Key

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References