PT-2019-12840 · Insyde · H2Opcm +5

Jesse Michael +1 · Published 2019-08-26 · Updated 2022-04-29 · CVE-2019-12532

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

H2OFFT versions 3.02 through 5.28
H2OFFT versions 100.00.00.00 through 100.00.08.23
H2OFFT versions 200.00.00.01 through 200.00.00.05
H2OOAE versions prior to 200.00.00.02
H2OSDE versions prior to 200.00.00.07
H2OUVE versions prior to 200.00.02.02
H2OPCM versions prior to 100.00.06.00
H2OELV versions prior to 100.00.02.08

Description

The issue is related to improper access control in the Insyde software tools, which may allow an authenticated user to potentially enable escalation of privilege or information disclosure via local access. This is a software vulnerability and not a firmware issue.

Recommendations

For H2OFFT versions 3.02 through 5.28, update to a version outside of this range.
For H2OFFT versions 100.00.00.00 through 100.00.08.23, update to a version outside of this range.
For H2OFFT versions 200.00.00.01 through 200.00.00.05, update to a version outside of this range.
For H2OOAE versions prior to 200.00.00.02, update to version 200.00.00.02 or later.
For H2OSDE versions prior to 200.00.00.07, update to version 200.00.00.07 or later.
For H2OUVE versions prior to 200.00.02.02, update to version 200.00.02.02 or later.
For H2OPCM versions prior to 100.00.06.00, update to version 100.00.06.00 or later.
For H2OELV versions prior to 100.00.02.08, update to version 100.00.02.08 or later.

Fix


Related Identifiers

CVE-2019-12532

Affected Products

H2Oelv
H2Offt
H2Ooae
H2Opcm
H2Osde
H2Ouve