exploitDog

GHSA-xxcx-3jxf-738h

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.8

Описание

A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability.

A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability.

Ссылки

EPSS

Процентиль: 16%

0.00052

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-276

Связанные уязвимости

CVE-2020-13532

CVSS3: 7.8

nvd

почти 5 лет назад

A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability.

EPSS

Процентиль: 16%

0.00052

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-276