Matt Lytle

**Name of the Vulnerable Software and Affected Versions** ScriptLogic versions prior to 4.14 **Description** The issue allows remote attackers to modify arbitrary registry entries via the ScriptLogic RPC service or modify arbitrary configuration via the RunAdmin services. This is due to services processing client requests at raised privileges. **Recommendations** For versions prior to 4.14, update to version 4.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the ScriptLogic RPC service and the RunAdmin services (SLRAserver.exe and SLRAclient.exe) to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ScriptLogic versions prior to 4.14 **Description** The issue allows users to modify log records and possibly execute arbitrary code due to insecure permissions for the LOGS$ share. **Recommendations** For versions prior to 4.14, update to version 4.14 or later to resolve the issue.