How severe is CVE-2019-7588?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2019-7588?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2019-7588

HIGH Year: 2019

CVSS v3 Score

7.0

High

CVSS v2 Score

6.9

Medium

Weakness Type

CWE-276

View all →

Vulnerability Description

A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not impact any Windows Server OSs, or Linux deployments with permissions that are not inherited from the root directory. Authorized Users have ‘modify’ permission to the ESM folders, which allows a low privilege account to modify files located in these directories. An executable can be renamed and replaced by a malicious file that could connect back to a bad actor providing system level privileges. A low privileged user is not able to restart the service, but a restart of the system would trigger the execution of the malicious file. This issue affects: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) Version 5.12.2 and prior versions; This issue does not affect: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) 19.03 and above.

CVE-2024-27134

HIGH

CVSS:7.0(High)

Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU at...

CWE-2762024

CVE-2024-49724

HIGH

CVSS:7.0(High)

In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privi...

CWE-2762024

CVE-2017-12699

HIGH

CVSS:7.1(High)

An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with ma...

CWE-2762017

CVE-2017-1382

HIGH

CVSS:7.1(High)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker co...

CWE-2762017

CVE-2019-3688

HIGH

CVSS:7.1(High)

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had...

CWE-2762019

CVE-2019-5687

HIGH

CVSS:7.1(High)

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an obje...

CWE-2762019

CVE-2019-7588

Vulnerability Description

Related Vulnerabilities

CVE-2024-27134

CVE-2024-49724

CVE-2017-12699

CVE-2017-1382

CVE-2019-3688

CVE-2019-5687