PT-2019-4443 · Hewlett Packard · Hp Touchpoint Analytics

Peleg Hadar

Published

2019-10-04

Updated

2020-08-24

CVE-2019-6333

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions HP Touchpoint Analytics versions prior to 4.1.4.2827

Description A potential security issue has been identified that may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service. The issue is related to insufficient input validation, which can be exploited by an attacker to execute malicious code using DLL files. This can lead to a privilege escalation.

Recommendations For versions prior to 4.1.4.2827, update to version 4.1.4.2827 or later to resolve the issue. As a temporary workaround, consider restricting access to the HP Touchpoint Analytics system service to minimize the risk of exploitation. Additionally, avoid using malicious DLL files in the affected system.

Fix

RCE

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-427

Related Identifiers

BDU:2020-00216

CVE-2019-6333

Affected Products

Hp Touchpoint Analytics

PT-2019-4443 · Hewlett Packard · Hp Touchpoint Analytics

CVE-2019-6333

Weakness Enumeration

Related Identifiers

Affected Products

References · 12