CVE-2020-11614
https://notcve.org/view.php?id=CVE-2020-11614
11 Jun 2020 — Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer. • https://github.com/Crytilis/mids-reborn-hero-designer/releases • CWE-319: Cleartext Transmission of Sensitive Information • CWE-345: Insufficient Verification of Data Authenticity
CVE-2020-11613
https://notcve.org/view.php?id=CVE-2020-11613
11 Jun 2020 — Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application. • https://github.com/Crytilis/mids-reborn-hero-designer/releases • CWE-427: Uncontrolled Search Path Element • CWE-732: Incorrect Permission Assignment for Critical Resource