Vulnerability Description
An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. NOTE: this is disputed by the vendor, who indicates that ArtisBrowser 34 does not support CSS3.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artistscope | Artisbrowser | <= 34.1.5 |
Related Weaknesses (CWE)
References
- https://github.com/actuator/com.artis.browser/blob/main/CWE-94.mdBroken Link
- https://github.com/actuator/cve/blob/main/CVE-2023-49000Third Party Advisory
- https://github.com/advisories/GHSA-866h-q63m-66xm
- https://github.com/actuator/com.artis.browser/blob/main/CWE-94.mdBroken Link
- https://github.com/actuator/cve/blob/main/CVE-2023-49000Third Party Advisory
FAQ
What is CVE-2023-49000?
CVE-2023-49000 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. NOTE: th...
How severe is CVE-2023-49000?
CVE-2023-49000 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-49000?
Check the references section above for vendor advisories and patch information. Affected products include: Artistscope Artisbrowser.