References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-267

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-798

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-798

An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication (IPC). Specifically, the service does not verify the code requirements, entitlements, security flags, or version of any client attempting to establish a connection. This lack of proper logic validation allows malicious actors 

https://github.com/Wi1DN00B/CVE-2024-55968

https://github.com/null-event/CVE-2024-55968