Описание
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.
Ссылки
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
Связанные уязвимости
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.
Уязвимость службы преобразования SQL-запросов SAP PowerDesigner Proxy, связанная с отсутствием кавычек в написании элементов или путей поиска, позволяющая нарушителю повысить свои привилегии
EPSS
7.8 High
CVSS3
7.2 High
CVSS2