DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.
CVSS Vector
AV:L/AC:L/Au:N/C:P/I:P/A:PDatev Nutzungskontrolle
APPDatev2.12.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2011-5158HIGH9.3ten sam vendor
Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DA...
CVE-2010-0689HIGH10.0ten sam vendor
The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base Syst...
CVE-2023-33387MEDIUM6.1ten sam vendor
A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Pl...