MidnightBSD

Advisories for appsanywhere

CVE-2023-41137

Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| info@appcheck-ng.com | 8.0 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |

Products Affected

| Vendor | Product | Version |
|---|---|---|
| appsanywhere | appsanywhere_client | 1.6.0 |
| appsanywhere | appsanywhere_client | 1.4.0 |
| appsanywhere | appsanywhere_client | 2.0.0 |
| appsanywhere | appsanywhere_client | 1.5.1 |
| appsanywhere | appsanywhere_client | 1.5.2 |
| appsanywhere | appsanywhere_client | 1.4.1 |

CVE-2023-41138

The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| info@appcheck-ng.com | 7.5 | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 0.8 | 6.0 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |

Products Affected

| Vendor | Product | Version |
|---|---|---|
| appsanywhere | appsanywhere_client | 1.6.0 |
| appsanywhere | appsanywhere_client | 1.4.0 |
| appsanywhere | appsanywhere_client | 2.0.0 |
| appsanywhere | appsanywhere_client | 1.5.1 |
| appsanywhere | appsanywhere_client | 1.5.2 |
| appsanywhere | appsanywhere_client | 1.4.1 |