Article - CS407445

ThingWorx Navigate: CVE-2023-4863 Impacts and Mitigations

Modified: 21-Dec-2023   


Applies To

  • ThingWorx Navigate 9.3 to 9.3.11
  • ThingWorx Navigate 9.4.0

Description

  • Critical CVE-2023-4863 is reporting an issue with heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 where a remote attacker can perform out of bounds memory writes via crafted HTML pages.
  • Note:
    • Libwebp is utilized in ThingWorx Navigate only for authenticated users where Visualization (Thingview widget) is in use. 
    • The risk of injecting a malicious webp formatted file is extremely limited for authenticated users. There is no attack surface for unauthenticated users in ThingWorx Navigate. There are no known exploits reported for ThingWorx Navigate at this time for this CVE.
      ​​​​​
This is a printer-friendly version of Article 407445 and may be out of date. For the latest version click CS407445