8.8
CVE-2020-36161
- EPSS 0.05%
- Published 06.01.2021 01:15:12
- Last modified 21.11.2024 05:28:51
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.
Data is provided by the National Vulnerability Database (NVD)
Veritas ≫ Aptare It Analytics Version10.4.00 Update-
Veritas ≫ Aptare It Analytics Version10.4.00 Updatepatch1
Veritas ≫ Aptare It Analytics Version10.4.00 Updatepatch2
Veritas ≫ Aptare It Analytics Version10.4.00 Updatepatch3
Veritas ≫ Aptare It Analytics Version10.4.00 Updatepatch4
Veritas ≫ Aptare It Analytics Version10.4.00 Updatepatch5
Veritas ≫ Aptare It Analytics Version10.4.00 Updatepatch6
Veritas ≫ Aptare It Analytics Version10.4.00 Updatepatch7
Veritas ≫ Aptare It Analytics Version10.4.00 Updatepatch8
Veritas ≫ Aptare It Analytics Version10.5.00 Update-
Veritas ≫ Aptare It Analytics Version10.5.00 Updatepatch1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.122 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|