CVE-2019-19277

Name of the Vulnerable Software and Affected Versions SIPORT MP versions prior to 3.1.4

Description A vulnerability has been identified that allows the creation of special accounts, referred to as "service users", with administrative privileges. This could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.

Recommendations For versions prior to 3.1.4, update to version 3.1.4 or later to resolve the issue. As a temporary workaround, consider restricting the creation of "service users" with administrative privileges until a patch is available. Restrict access to administrative functions to minimize the risk of exploitation.