Описание
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user.
Ссылки
- Vendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 10.0 (включая) до 10.5.5 (исключая)
cpe:2.3:a:kaseya:unitrends_backup:*:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02264
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-74
Связанные уязвимости
CVSS3: 8.8
github
около 4 лет назад
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user.
EPSS
Процентиль: 84%
0.02264
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-74