CVE-2022-23862

Name of the Vulnerable Software and Affected Versions Y Soft SAFEQ version 6 Build 53

Description A Local Privilege Escalation issue was discovered. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT AuthoritySystem" user, an attacker is able to use the issue to execute arbitrary code and elevate to the system user.

Recommendations For Y Soft SAFEQ version 6 Build 53, consider disabling the SafeQ JMX service running on port 9696 as a temporary workaround until a patch is available. Restrict access to the SafeQ JMX service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.