Описание
Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 25.2 (исключая)
cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.00028
Низкий
7.8 High
CVSS3
Дефекты
CWE-268
Связанные уязвимости
CVSS3: 7.8
github
6 месяцев назад
Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
EPSS
Процентиль: 8%
0.00028
Низкий
7.8 High
CVSS3
Дефекты
CWE-268