CVE-2023-35791: CVE-2023-35791 - Excellium Services

Abstract Advisory Information

A parameter is vulnerable to an Open Redirect vulnerability.

Author: Thomas CLAIR

Version affected

Name: Vound software

Product : Intella connect

Versions: 2.6.0.3

Common Vulnerability Scoring System

6.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Patch

No known patch

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35791

Vulnerability Disclosure Timeline

• • 17/04/2023: Vulnerability discovery
  • 24/04/2023: Vulnerability Report to CERT-XLM
  • 25/04/2023: Vulnerability Reported to Vound Software by mail
  • 26/04/2023: Reply from Vendor04/05/2023: Reply from Vendor
  • 08/05/2023: Reply from Vendor, ask for more informations to pentest team
  • 15/05/2023: Hashes of the installer provided to the vendor
  • 16/06/2023: Request CVE ID from MITRE
  • 19/06/2023: CVE IDs assigned Use CVE-2023-35791
  • 20/06/2023: Updated asked to Vendor
  • 27/06/2023: Updated received from Vendor
  • 04/07/2023: Updated asked to Vendor
  • 18/07/2023: Ask vendor for a release date
  • 27/07/2023: Expected Vulnerability disclosure

Our website uses cookies technologies to assist with navigation and your ability to provide feedback, analyze your use of our products and services, to enable you to use the social media functionalities and assist with our promotional and marketing efforts, and provide content from third parties. You may choose to opt-out from all non-essential cookies or allow them for a better browsing experience.
For more information on the use of cookies, Please check our Privacy Notice ACCEPT REJECT SETTINGS