CVE-2023-35816

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-35816
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.

3.5 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://code-white.com/public-vulnerability-list/ Vendor Advisory
https://supportcenter.devexpress.com/ticket/details/t1127422/insecure-arbitrary-typeconverter-conversion Permissions Required
https://supportcenter.devexpress.com/ticket/details/t1159641/net-desktop-and-web-controls-unsafe-data-type-deserialization Permissions Required
https://supportcenter.devexpress.com/ticket/details/t394936/devexpress-security-advisory-updated-on-april-27-2023 Permissions Required
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:devexpress:devexpress:*:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:devexpress:22.1.8:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:devexpress:22.2.4:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:devexpress:22.2.5:*:*:*:*:*:*:*
History

05 Jun 2025, 14:30

Type Values Removed Values Added
CWE CWE-704
First Time Devexpress devexpress
Devexpress
CPE cpe:2.3:a:devexpress:devexpress:22.2.5:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:devexpress:*:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:devexpress:22.1.8:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:devexpress:22.2.4:*:*:*:*:*:*:*
References () https://code-white.com/public-vulnerability-list/ - () https://code-white.com/public-vulnerability-list/ - Vendor Advisory
References () https://supportcenter.devexpress.com/ticket/details/t1127422/insecure-arbitrary-typeconverter-conversion - () https://supportcenter.devexpress.com/ticket/details/t1127422/insecure-arbitrary-typeconverter-conversion - Permissions Required
References () https://supportcenter.devexpress.com/ticket/details/t1159641/net-desktop-and-web-controls-unsafe-data-type-deserialization - () https://supportcenter.devexpress.com/ticket/details/t1159641/net-desktop-and-web-controls-unsafe-data-type-deserialization - Permissions Required
References () https://supportcenter.devexpress.com/ticket/details/t394936/devexpress-security-advisory-updated-on-april-27-2023 - () https://supportcenter.devexpress.com/ticket/details/t394936/devexpress-security-advisory-updated-on-april-27-2023 - Permissions Required

29 Apr 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) DevExpress anterior a 23.1.3 permite la conversión arbitraria de TypeConverter.

28 Apr 2025, 17:15

Type Values Removed Values Added
References
  • () https://code-white.com/public-vulnerability-list/ -

28 Apr 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-28 16:15

Updated : 2025-06-05 14:30

NVD link : CVE-2023-35816

Mitre link : CVE-2023-35816

CVE.ORG link : CVE-2023-35816

JSON object : View

Products Affected

devexpress

  • devexpress
CWE
CWE-23

Relative Path Traversal

CWE-704

Incorrect Type Conversion or Cast