PT-2019-15542 · Centrify+1 · Centrify Authentication/Privilege Elevation Services+1

Published: 2019-11-05 · Updated: 2021-09-13 · CVE-2019-18631

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Centrify Authentication and Privilege Elevation Services versions 3.4.0 through 3.6.0

Description: The issue arises from improper handling of an unspecified exception during the use of partially trusted assemblies to serialize input data. This allows attackers to execute arbitrary code inside the Centrify process. The exploitation can occur through a crafted application that makes a pipe connection to the process and sends malicious serialized data, or through a crafted Microsoft Management Console snap-in control file.

Recommendations: For versions 3.4.0 through 3.6.0, consider restricting access to the Centrify process to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using partially trusted assemblies for serializing input data.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2019-18631

Affected Products

Centrify Authentication/Privilege Elevation Services
Management Console