Home > Vulnerability Database > CVE-2023-40235

Mend.io Vulnerability Database

CVE-2023-40235

Good to know:

Date: August 10, 2023

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share server that does not accept a guest account, the host will try to authenticate on the share by using the current user's session. NOTE: this issue occurs because Archi uses an unsafe configuration of the Eclipse Modeling Framework.

Language: Java

Severity Score

6.5

Related Resources (6)

Url: https://github.com/archimatetool/archi/compare/release_5.0.2...release_5.1.0

Url: https://github.com/eclipse-emf/org.eclipse.emf/issues/8

Url: https://github.com/archimatetool/archi/commit/bcab676beddfbeddffecacf755b6692f0b0151f1

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-40235

Url: https://github.com/archimatetool/archi/issues/946

Url: https://www.mend.io/vulnerability-database/CVE-2023-40235

Severity Score

6.5

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version release_5.1.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-40235

Good to know:

Date: August 10, 2023

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?