Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HAternity
APPAternity< 12.1.4.27
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
Powiązane podatności
CVE-2016-5062CRITICAL9.8ten sam produkt
The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java M...
CVE-2016-5061MEDIUM6.1ten sam produkt
Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote at...