PT-2021-9627 · Spytech · Sytech Xl Reporter

Yuri Kramarz · Published 2021-02-19 · Updated 2022-10-06 · CVE-2020-13549

CVSS v3.1: 8.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Sytech XL Reporter version 14.0.1

Description
An exploitable local privilege elevation issue exists in the file system permissions of the install directory. Depending on the chosen vector, an attacker can overwrite service executables and execute arbitrary code with the privileges of the user set to run the service or replace other files within the installation folder, allowing for local privilege escalation.

Recommendations
For Sytech XL Reporter version 14.0.1, consider restricting access to the installation folder to minimize the risk of exploitation. As a temporary workaround, avoid using the service executables that can be overwritten by an attacker until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
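
One way to check a host for the condition described above before restricting the folder, as an added example that is not part of the original advisory or the vendor's tooling. It only reads ACLs and service configuration; `$InstallDir` is a placeholder because the advisory does not state the install path, and treating only SYSTEM, Administrators and TrustedInstaller as trusted is an assumption to adjust per environment.

```powershell
# Read-only audit: which non-administrative principals can modify files under
# the install directory, and which services run binaries from it.
# $InstallDir is a placeholder; the advisory does not give the install path.
param([Parameter(Mandatory)][string]$InstallDir)

# Assumption: only these well-known SIDs are expected to hold write access.
$trustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow replacing or tampering with a file. Modify/FullControl are
# not listed by name because they also contain read bits; their write bits are
# covered here. GENERIC_ALL and GENERIC_WRITE can appear as raw values in ACEs.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask   = [int]$rights -bor 0x10000000 -bor 0x40000000

function Get-WeakAce {
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if ($trustedSids -contains $sid) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# The directory itself plus everything beneath it.
$targets  = @($InstallDir) + (Get-ChildItem -LiteralPath $InstallDir -Recurse -Force | ForEach-Object FullName)
$findings = $targets | ForEach-Object { Get-WeakAce -Path $_ }

# Services whose binary path points into the directory, with their run-as account.
$services = Get-CimInstance Win32_Service | Where-Object {
    $_.PathName -and $_.PathName.Trim('"').StartsWith($InstallDir, [System.StringComparison]::OrdinalIgnoreCase)
} | Select-Object Name, StartName, PathName

$findings | Sort-Object Path, Identity | Format-Table -AutoSize
$services | Format-Table -AutoSize
```

Any finding on a path that also appears in the service list is the overwrite condition the description refers to; entries marked `Inherited` are fixed on the parent folder rather than on the file.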

Weakness Enumeration
Incorrect Default Permissions

Related Identifiers
CVE-2020-13549

Affected Products
Sytech Xl Reporter