CVE-2023-3842

HIGH

Pointware EasyInventory <1.0.12.0 - Unquoted Search Path

Title source: llm

Description

A vulnerability was found in Pointware EasyInventory 1.0.12.0 and classified as critical. This issue affects some unknown processing of the file C:\Program Files (x86)\EasyInventory\Easy2W.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-235193 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References (2)

[Permissions Required, Third Party Advisory] https://vuldb.com/?id.235193

[Permissions Required] https://vuldb.com/?ctiid.235193

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 10.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (1)

pointware/easyinventory 1.0.12.0

Published Jul 23, 2023

Tracked Since Feb 18, 2026