PT-2022-3392 · Mentor Graphics · Xpedition Designer
Published
2022-06-14
·
Updated
2023-06-13
·
CVE-2022-31465
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Xpedition Designer VX.2.10 versions prior to VX.2.10 Update 13
Xpedition Designer VX.2.11 versions prior to VX.2.11 Update 11
Xpedition Designer VX.2.12 versions prior to VX.2.12 Update 5
Xpedition Designer VX.2.13 versions prior to VX.2.13 Update 1
Description
The issue is related to the improper assignment of access rights to a critical resource in the Xpedition Designer application. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges, potentially leading to the execution of arbitrary code or a denial of service.
Recommendations
For Xpedition Designer VX.2.10, update to VX.2.10 Update 13 or later.
For Xpedition Designer VX.2.11, update to VX.2.11 Update 11 or later.
For Xpedition Designer VX.2.12, update to VX.2.12 Update 5 or later.
For Xpedition Designer VX.2.13, update to VX.2.13 Update 1 or later.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xpedition Designer