CVE-2019-19460

MEDIUM Year: 2019
CVSS v3 Score
5.5
Medium
CVSS v2 Score
6.6
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.

Related Vulnerabilities

CVE-2002-1713

MEDIUM
CVSS:5.5(Medium)

The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.

CWE-2762002

CVE-2012-6136

MEDIUM
CVSS:5.5(Medium)

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

CWE-2762012

CVE-2013-1425

MEDIUM
CVSS:5.5(Medium)

ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.

CWE-2762013

CVE-2013-4281

MEDIUM
CVSS:5.5(Medium)

In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.

CWE-2762013

CVE-2017-6404

MEDIUM
CVSS:5.5(Medium)

An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.

CWE-2762017

CVE-2017-7761

MEDIUM
CVSS:5.5(Medium)

The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), pr...

CWE-2762017