CVE-2014-9113

Опубликовано: 02 дек. 2014

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement, which allows local users to obtain LocalSystem privileges via a Trojan horse file.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cchgroup:prosystem_fx_engagement:*:*:*:*:*:*:*:*

Версия до 7.1 (включая)

EPSS

Процентиль: 74%

0.00826

Низкий

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-phr9-2hw3-5w6q

github

больше 3 лет назад

CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\, which allows local users to obtain LocalSystem privileges via a Trojan horse file.