Proaccess Space

proaccess_space

Vendor: Saltosystem • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-19459 1Saltosystem 1Proaccess Space Nov 21, 2024 Dec 3, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto...Show more An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.Show less
CVE-2019-19458 1Saltosystem 1Proaccess Space Nov 21, 2024 Dec 3, 2019 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
CVE-2019-19457 1Saltosystem 1Proaccess Space Nov 21, 2024 Dec 3, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 SALTO ProAccess SPACE 5.4.3.0 allows XSS.
CVE-2019-19460 1Saltosystem 1Proaccess Space Nov 21, 2024 Dec 3, 2019 N/A· v4 5.5 MEDIUM· v3 6.6 MEDIUM· v2 An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is a...Show more An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.Show less