CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18255
https://notcve.org/view.php?id=CVE-2018-18255
An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve elevated privileges. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. Las aplicaciones de cliente de AccessManagerCoreService.exe se comunican con este servidor mediante tuberías nombradas. • https://improsec.com/tech-blog/cam1 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18252
https://notcve.org/view.php?id=CVE-2018-18252
An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivileged users via the --system option. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. CALRunElevated.exe proporciona acceso "NT AUTHORITY\SYSTEM" a usuarios no privilegiados mediante la opción --system. • https://improsec.com/tech-blog/cam1 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18254
https://notcve.org/view.php?id=CVE-2018-18254
An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. Un usuario sin privilegios puede leer la tabla cal_whitelist en la base de datos Custom App Launcher (CAL) y, potencialmente, obtener privilegios colocando un programa troyano en un nombre de ruta de la aplicación. • https://improsec.com/tech-blog/cam1 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18256
https://notcve.org/view.php?id=CVE-2018-18256
An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run any whitelisted application through the Custom App Launcher. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. Un usuario regular puede obtener privilegios de administrador local si ejecuta cualquier aplicación en lista blanca mediante el Custom App Launcher. • https://improsec.com/tech-blog/cam1 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-17948
https://notcve.org/view.php?id=CVE-2018-17948
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. Existe una vulnerabilidad de redirección abierta en Access Manager Identity Provider en versiones anteriores a la 4.4 SP3. • https://support.microfocus.com/kb/doc.php?id=7023530 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •