Evernote is vulnerable to a flaw that can lead to remote code execution. Tracked as CVE-2023-50643, the vulnerability has a critical severity rating and a CVSS score of 9.8. On successful exploitation, a remote attacker may execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments components.
Evernote is a note-taking and task-management application. The application helps archive and create notes with embedded photos, audio, and saved web content.
The vulnerability may allow a remote attacker to execute arbitrary code on target systems via the RunAsNode and enableNodeCliInspectArguments components.
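RunAsNode and EnableNodeCliInspectArguments are the names of two Electron fuses, build-time switches stored in the application binary. Assuming those fuses are what the component names above refer to, the following added example (not code from Qualys or Evernote) reads their state from a binary; the sample byte strings are constructed and the function names are hypothetical.

```python
"""Audit two Electron fuses in a binary (added example, not vendor code)."""
import sys

# Marker that precedes the fuse wire in Electron builds (used by @electron/fuses).
SENTINEL = b"dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX"
# Wire positions in the version-1 fuse schema of the two fuses audited here.
NAMES = {0: "RunAsNode", 3: "EnableNodeCliInspectArguments"}
STATES = {ord("0"): "disabled", ord("1"): "enabled", ord("r"): "removed"}


def read_fuse_wires(blob):
    """Return one {fuse name: state} dict per fuse wire found in blob."""
    wires = []
    pos = blob.find(SENTINEL)
    while pos != -1:
        start = pos + len(SENTINEL)
        header = blob[start:start + 2]  # schema version byte, wire length byte
        if len(header) == 2 and header[0] == 1:
            wire = blob[start + 2:start + 2 + header[1]]
            if len(wire) == header[1]:  # ignore wires truncated by end of data
                wires.append({
                    name: STATES.get(wire[i], "unknown") if i < len(wire) else "absent"
                    for i, name in NAMES.items()
                })
        pos = blob.find(SENTINEL, start)  # universal binaries hold one wire per slice
    return wires


def risky_fuses(blob):
    """Names of the audited fuses that are enabled in any wire."""
    return sorted({n for w in read_fuse_wires(blob) for n, s in w.items() if s == "enabled"})


# Constructed samples: padding, sentinel, version 1, length 4, four fuse states.
SAMPLE_DEFAULT = b"\x00" * 16 + SENTINEL + bytes([1, 4]) + b"1011" + b"\x00" * 8
SAMPLE_HARDENED = b"\x00" * 16 + SENTINEL + bytes([1, 4]) + b"0010" + b"\x00" * 8

if __name__ == "__main__":
    # Pass the path of the Electron binary under audit; without one, use a sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DEFAULT
    print(read_fuse_wires(data), "enabled:", risky_fuses(data))
```

The fuse state describes build configuration only; it does not replace checking the installed version against the affected version listed below.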
Affected versions
The vulnerability affects Evernote for macOS version 10.68.2.
Mitigation
Customers must upgrade to the latest version to patch the vulnerability.
Please refer to the GitHub Security Advisory for more information.
Qualys Detection
Qualys customers can scan their devices with QID 379285 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.