Security Advisory
PTC’s KEPServerEX Vulnerabilities
DLL Hijacking, UNC Path Injection, Insufficiently Protected Credentials
Risk Information
Possible Threat
CVE ID
CVE-2023-29444
CVE-2023-29445
CVE-2023-29446
CVE-2023-29447
Vunerability Type
DLL Hijacking
DLL Hijacking
UNC Path Injection
Insufficiently Protected Credentials
CVSS3 Score
7.8
7.8
4.7
5.7
CVSSv3 Vector
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affecting
Mitigation
PTC plans to release a patch on November 14th, 2023.
07/26/2023