← Back

Gbgplc

gbgplc

8 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Acuant Acufill Sdk
acuant_acufill_sdk
6 CVEs
Acuant Asureid Sentinel
acuant_asureid_sentinel
2 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-48227
1Gbgplc
1Acuant Asureid Sentinel
Feb 13, 2025
Apr 4, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361.
CVE-2022-48224
1Gbgplc
1Acuant Acufill Sdk
Feb 18, 2025
Apr 4, 2023
N/A· v4
7.3 HIGH· v3
N/A· v2
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get execut...Show more
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges).Show less
CVE-2022-48223
1Gbgplc
1Acuant Acufill Sdk
Feb 18, 2025
Apr 4, 2023
N/A· v4
6.7 MEDIUM· v3
N/A· v2
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition...Show more
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory.Show less
CVE-2022-48222
1Gbgplc
1Acuant Acufill Sdk
Feb 18, 2025
Apr 4, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated p...Show more
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges).Show less
CVE-2022-48228
1Gbgplc
1Acuant Asureid Sentinel
Feb 14, 2025
Apr 4, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362.
CVE-2022-48226
1Gbgplc
1Acuant Acufill Sdk
Feb 13, 2025
Apr 4, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code executio...Show more
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation.Show less
CVE-2022-48225
1Gbgplc
1Acuant Acufill Sdk
Feb 18, 2025
Apr 4, 2023
N/A· v4
7.3 HIGH· v3
N/A· v2
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, becau...Show more
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location.Show less
CVE-2022-48221
1Gbgplc
1Acuant Acufill Sdk
Feb 18, 2025
Apr 4, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by...Show more
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This gives a standard user full SYSTEM code execution (elevation of privileges).Show less