Summaryinfo

A vulnerability was found in HYPR Workforce Access up to 8.6 on Windows. It has been declared as critical. The impacted element is an unknown function. Such manipulation leads to link following. This vulnerability is listed as CVE-2023-6335. The attack must be carried out locally. There is no available exploit. It is recommended to upgrade the affected component. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Detailsinfo

A vulnerability was found in HYPR Workforce Access up to 8.6 on Windows. It has been rated as critical. Affected by this issue is some unknown processing. The manipulation with an unknown input leads to a link following vulnerability. Using CWE to declare the problem leads to CWE-59. The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Impacted is confidentiality, integrity, and availability. CVE summarizes:

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

The weakness was presented 01/17/2024. The advisory is shared for download at hypr.com. This vulnerability is handled as CVE-2023-6335 since 11/27/2023. There are neither technical details nor an exploit publicly available.

Upgrading to version 8.7 eliminates this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• HYPR

Name

• Workforce Access

Version

• 8.0
• 8.1
• 8.2
• 8.3
• 8.4
• 8.5
• 8.6

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion