CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-50159
https://notcve.org/view.php?id=CVE-2023-50159
11 Jan 2024 — In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. En el agente ScaleFusion (aplicación de escritorio de Windows) v10.5.2, las restricciones de la aplicación en modo quiosco se pueden omitir permitiendo la ejecución de código arbitrario. • https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-51749
https://notcve.org/view.php?id=CVE-2023-51749
11 Jan 2024 — ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules." ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicación Edge porque se puede realizar una búsqueda desde una información sobre herramientas. • https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-51748
https://notcve.org/view.php?id=CVE-2023-51748
11 Jan 2024 — ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicación Edge porque se pueden usar Ctrl-O y Ctrl-S. • https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51750
https://notcve.org/view.php?id=CVE-2023-51750
11 Jan 2024 — ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules." ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicación Edge porque pueden ocurrir descargas de archivos. • https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent • CWE-286: Incorrect User Management •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51751
https://notcve.org/view.php?id=CVE-2023-51751
11 Jan 2024 — ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicación Edge porque se puede usar Alt-F4. • https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent •