HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2020-27645

CVSS 8.8v3.1pub. 2020-12-29upd. 2024-11-21

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • 1e Client

    APP
    1E
    5.0.0.745
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2023-45159HIGH8.4ten sam produkt

1E Client installer can perform arbitrary file deletion on protected files.   A non-privileged user could pro...

CVE-2023-45160HIGH8.8ten sam produkt

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files...

CVE-2020-16268HIGH8.8ten sam produkt

The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to ga...

CVE-2020-27644HIGH8.8ten sam produkt

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\...

CVE-2020-27643MEDIUM6.5ten sam produkt

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users a...