CVE-2023-35791

Abstract Advisory Information

A parameter is vulnerable to an Open Redirect vulnerability.

Author: Thomas CLAIR

Version affected

Name: Vound software

Product : Intella connect

Versions: 2.6.0.3

Common Vulnerability Scoring System

6.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Patches

No known patch

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35791

Vulnerability Disclosure Timeline

• 17/04/2023: Vulnerability discovery
• 24/04/2023: Vulnerability Report to CERT-XLM
• 25/04/2023: Vulnerability Reported to Vound Software by mail
• 26/04/2023: Reply from Vendor04/05/2023: Reply from Vendor
• 08/05/2023: Reply from Vendor, ask for more informations to pentest team
• 15/05/2023: Hashes of the installer provided to the vendor
• 16/06/2023: Request CVE ID from MITRE
• 19/06/2023: CVE IDs assigned Use CVE-2023-35791
• 20/06/2023: Updated asked to Vendor
• 27/06/2023: Updated received from Vendor
• 04/07/2023: Updated asked to Vendor
• 18/07/2023: Ask vendor for a release date
• 27/07/2023: Expected Vulnerability disclosure