Permissive List of Allowed Inputs
CVE-2022-23158
Summary
Wyse Device Agent versions 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privileges could potentially exploit this vulnerability, provide incorrect port information, and get connected to a valid WMS server.
- LOW
- LOCAL
- NONE
- CHANGED
- NONE
- HIGH
- HIGH
- NONE
CWE-183 - Permissive List of Allowed Inputs
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.