A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user.
Metrics
Affected Vendors & Products
References
History
Wed, 30 Oct 2024 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:ysoft:safeq:6.0:build53:*:*:*:*:*:* |
Tue, 22 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ysoft
Ysoft safeq |
|
Weaknesses | CWE-306 | |
CPEs | cpe:2.3:a:ysoft:safeq:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ysoft
Ysoft safeq |
|
Metrics |
cvssV3_1
|
Tue, 22 Oct 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-22T00:00:00
Updated: 2024-10-22T18:30:53.788Z
Reserved: 2022-01-24T00:00:00
Link: CVE-2022-23862
Vulnrichment
Updated: 2024-10-22T18:26:54.191Z
NVD
Status : Analyzed
Published: 2024-10-22T16:15:05.443
Modified: 2024-10-30T21:21:09.990
Link: CVE-2022-23862
Redhat
No data.