CVE-2023-4991 HIGH

CVE-2023-4991: NextBX QWAlerter QWAlerter.exe unquoted search path

Vendor Nextbx
Product QWAlerter
Weakness CWE-428
Published September 15, 2023
Last update September 25, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

September 15, 2023 CVE published
September 25, 2024 Record updated