Описание
Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.
Ссылки
- ExploitMitigationVendor Advisory
- ExploitMitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:unisys:secure_partitioning:4.3.403:*:*:*:*:*:*:*
cpe:2.3:a:unisys:secure_partitioning:4.4.19:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00065
Низкий
6.7 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-428
Связанные уязвимости
CVSS3: 6.7
github
больше 3 лет назад
Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.
EPSS
Процентиль: 21%
0.00065
Низкий
6.7 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-428