Описание
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 10.0 (включая) до 10.2 (исключая)Версия до 9.0.2 (включая)Версия от 10.0 (включая) до 10.2 (исключая)
Одно из
cpe:2.3:a:soyal:701clientsql:*:*:*:*:*:*:*:*
cpe:2.3:a:soyal:701server:*:*:*:*:*:*:*:*
cpe:2.3:a:soyal:701serversql:*:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02421
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-276
Связанные уязвимости
github
больше 3 лет назад
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.
EPSS
Процентиль: 85%
0.02421
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-276