PT-2019-9563 · Capmon · Capmon Access Manager

Publicado

2019-03-15

Atualizado

2019-10-03

CVE-2018-18254

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CapMon Access Manager version 5.4.1.1005

Description An issue allows an unprivileged user to read the cal whitelist table in the Custom App Launcher database. This could potentially allow the user to gain privileges by placing a Trojan horse program at an app pathname.

Recommendations For version 5.4.1.1005, consider restricting access to the Custom App Launcher database to prevent unauthorized reading of the cal whitelist table. As a temporary workaround, monitor the app pathnames for any suspicious activity that could indicate the presence of a Trojan horse program.

Exploit

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

CVE-2018-18254

Produtos afetados

Capmon Access Manager

PT-2019-9563 · Capmon · Capmon Access Manager

CVE-2018-18254

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3