CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2020-26155
https://notcve.org/view.php?id=CVE-2020-26155
Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack. Múltiples archivos y carpetas en Utimaco SecurityServer versiones 4.20.0.4 y 4.31.1.0, son instalados con permisos de lectura y escritura para usuarios autenticados, permitiendo a usuarios no administradores manipular binarios. Adicionalmente, las entradas son realizadas en la variable de entorno PATH que, junto con estos permisos débiles, podrían permitir a un atacante llevar a cabo un ataque de secuestro DLL • https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155 • CWE-427: Uncontrolled Search Path Element CWE-732: Incorrect Permission Assignment for Critical Resource •