SALTO ProAccess Space 5.5

CPE Details

SALTO ProAccess Space 5.5
5.5
2019-12-12
14h57 +00:00
2019-12-12
14h57 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:saltosystem:proaccess_space:5.5:*:*:*:*:*:*:*

Informations

Vendor

saltosystem

Product

proaccess_space

Version

5.5

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-19457 2019-12-03 18h04 +00:00 SALTO ProAccess SPACE 5.4.3.0 allows XSS.
5.4
Medium
CVE-2019-19458 2019-12-03 18h03 +00:00 SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
8.6
High
CVE-2019-19459 2019-12-03 18h02 +00:00 An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.
9.8
Critical
CVE-2019-19460 2019-12-03 18h00 +00:00 An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.
5.5
Medium