PT-2019-9563 · Capmon · Capmon Access Manager
Published: 2019-03-15 · Updated: 2019-10-03 · CVE-2018-18254
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CapMon Access Manager version 5.4.1.1005
Description
An unprivileged user can read the cal whitelist table in the Custom App Launcher database. This could potentially allow the user to gain privileges by placing a Trojan horse program at an app pathname.
Recommendations
For version 5.4.1.1005, consider restricting access to the Custom App Launcher database to prevent unauthorized reading of the cal whitelist table. As a temporary workaround, monitor the app pathnames for any suspicious activity that could indicate the presence of a Trojan horse program.
Weakness Enumeration
Incorrect Permission
Affected Products
Capmon Access Manager