CVE-2020-36161

Published: Jan 6, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.

Affected (11)

Products: Veritas: Aptare It Analytics

Veritas

1 product

Aptare It Analytics

Configuration A

11 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Veritas Aptare It Analytics	Version 10.4.00
Veritas Aptare It Analytics	Version 10.4.00 patch1
Veritas Aptare It Analytics	Version 10.4.00 patch2
Veritas Aptare It Analytics	Version 10.4.00 patch3
Veritas Aptare It Analytics	Version 10.4.00 patch4
Veritas Aptare It Analytics	Version 10.4.00 patch5
Veritas Aptare It Analytics	Version 10.4.00 patch6
Veritas Aptare It Analytics	Version 10.4.00 patch7
Veritas Aptare It Analytics	Version 10.4.00 patch8
Veritas Aptare It Analytics	Version 10.5.00
Veritas Aptare It Analytics	Version 10.5.00 patch1

Running on/with	Platform Versions
Microsoft Windows	All versions

References (2)

https://www.veritas.com/content/support/en_US/security/VTS20-009

Source: cve@mitre.org

Vendor Advisory

https://www.veritas.com/content/support/en_US/security/VTS20-009

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.