cbcvebase.

Tsplus Remote Work vulnerabilities

4 known vulnerabilities affecting tsplus/tsplus_remote_work.

Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL4

Vulnerabilities

Page 1 of 1
CVE-2023-31068P2CRITICALCVSS 9.8PoC≤ 16.0.0.02023-09-11
CVE-2023-31068 [CRITICAL] CWE-276 CVE-2023-31068: An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permission An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
nvd
CVE-2023-31069P2CRITICALCVSS 9.8PoC≤ 16.0.0.02023-09-11
CVE-2023-31069 [CRITICAL] CWE-312 CVE-2023-31069: An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as clearte An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.
nvd
CVE-2023-27132P3CRITICALCVSS 9.8≤ 16.0.0.02023-10-17
CVE-2023-27132 [CRITICAL] CWE-522 CVE-2023-27132: TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source co TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product.
nvd
CVE-2023-27133P3CRITICALCVSS 9.8≤ 16.0.0.02023-10-17
CVE-2023-27133 [CRITICAL] CWE-276 CVE-2023-27133: TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFI TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work produ
nvd
Tsplus Remote Work vulnerabilities | cvebase