{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T00:52:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.veritas.com/content/support/en_US/security/VTS20-009"}], "x_ConverterErrors": {"cvssV3_1": {"error": "CVSSV3_1 data from v4 record is invalid", "message": "Missing mandatory metrics \"AV\""}}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36161", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/A:H/C:H/I:H/PR:N/S:C/UI:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.veritas.com/content/support/en_US/security/VTS20-009", "refsource": "MISC", "url": "https://www.veritas.com/content/support/en_US/security/VTS20-009"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:23:09.044Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.veritas.com/content/support/en_US/security/VTS20-009"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36161", "datePublished": "2021-01-06T00:52:56", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-04T17:23:09.044Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:-:*:*:*:*:*:*", "matchCriteriaId": "3F214244-BD54-4579-81B3-F9B508861BFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch1:*:*:*:*:*:*", "matchCriteriaId": "07BDFC9E-1D04-4EF2-B93A-4D25FA78FD8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch2:*:*:*:*:*:*", "matchCriteriaId": "681F88EB-9059-4FAA-98D9-83D936CCC292", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch3:*:*:*:*:*:*", "matchCriteriaId": "50F4195B-C03C-49F3-801F-A7B6E4E382B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch4:*:*:*:*:*:*", "matchCriteriaId": "F02D93EE-671D-4BE7-B6D5-FD74F483893A", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch5:*:*:*:*:*:*", "matchCriteriaId": "7D867DAF-F441-48B2-A77A-380BE0DF151B", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch6:*:*:*:*:*:*", "matchCriteriaId": "FE3EC431-0A78-42E4-900E-D19FEA8C12FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch7:*:*:*:*:*:*", "matchCriteriaId": "CB25E6DF-822F-40C9-BC19-BC65F2343E7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch8:*:*:*:*:*:*", "matchCriteriaId": "124313FD-7198-46F2-9AE4-97421E79E715", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:aptare_it_analytics:10.5.00:-:*:*:*:*:*:*", "matchCriteriaId": "EC4CE343-9FF2-437C-9EEA-586C2F9D8472", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:aptare_it_analytics:10.5.00:patch1:*:*:*:*:*:*", "matchCriteriaId": "C000D745-8C9D-43EC-9386-625CE618AA46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Veritas APTARE versiones 10.4 anteriores a 10.4P9 y versiones 10.5 anteriores a 10.5P3. Por defecto, en los sistemas Windows, los usuarios pueden crear directorios en C:\\. Un usuario poco privilegiado puede crear un directorio en las ubicaciones del archivo de configuraci\u00f3n. Cuando se reinicia el sistema Windows, un motor OpenSSL malicioso podr\u00eda explotar una ejecuci\u00f3n de c\u00f3digo arbitraria como SYSTEM. Esto le otorga al atacante acceso de administrador al sistema, permitiendo al atacante (por defecto) acceder a todos los datos, acceder a todas las aplicaciones instaladas, etc"}], "id": "CVE-2020-36161", "lastModified": "2024-11-21T05:28:51.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-06T01:15:12.810", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.veritas.com/content/support/en_US/security/VTS20-009"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.veritas.com/content/support/en_US/security/VTS20-009"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}