Описание
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:acresso:flexnet_connect:*:*:*:*:*:*:*:*
cpe:2.3:a:acresso:intallshield_update_agent:*:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00749
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.
EPSS
Процентиль: 73%
0.00749
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-94