DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.
oryginał ENCVSS Vector
AV:L/AC:L/Au:N/C:P/I:P/A:PDatev Nutzungskontrolle
APPDatev2.12.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2011-5158HIGH9.3ten sam vendor
Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DA...
CVE-2010-0689HIGH10.0ten sam vendor
The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base Syst...
CVE-2023-33387MEDIUM6.1ten sam vendor
A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Pl...