Описание
Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
Комментарий
Per: http://cwe.mitre.org/data/definitions/428.html
"CWE-428: Unquoted Search Path or Element"
Ссылки
- Vendor Advisory
- Vendor Advisory
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:schneider-electric:floating_license_manager:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:floating_license_manager:1.4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00654
Низкий
6.9 Medium
CVSS2
6.9 Medium
CVSS2
Дефекты
CWE-428
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
EPSS
Процентиль: 70%
0.00654
Низкий
6.9 Medium
CVSS2
6.9 Medium
CVSS2
Дефекты
CWE-428
NVD-CWE-Other