PT-2024-27029 · Faronics · Winselect
Daniel Hirschberger
·
Published
2024-06-24
·
Updated
2024-07-08
·
CVE-2024-36495
CVSS v3.1
7.7
High
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Faronics WINSelect (Standard + Enterprise) (affected versions not specified)
Description
The application saves its configuration in an encrypted file on the file system, which "Everyone" has read and write access to. The paths to the configuration files are C:ProgramDataWINSelectWINSelect.wsd for the standard version and C:ProgramDataFaronicsStorageSpaceWSWINSelect.wsd for the enterprise version.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Winselect