SALTO ProAccess Space 5.5

CPE Details

SALTO ProAccess Space 5.5
saltosystem
proaccess_space
5.5
2019-12-12
14h57 +00:00
2019-12-12
14h57 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:saltosystem:proaccess_space:5.5:*:*:*:*:*:*:*

Informations

Vendor

saltosystem

Product

proaccess_space

Version

5.5

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2019-19457 2019-12-03 18h04 +00:00 SALTO ProAccess SPACE 5.4.3.0 allows XSS.
5.4
Moyen
CVE-2019-19458 2019-12-03 18h03 +00:00 SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
8.6
Haute
CVE-2019-19459 2019-12-03 18h02 +00:00 An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.
9.8
Critique
CVE-2019-19460 2019-12-03 18h00 +00:00 An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.
5.5
Moyen