CVE-2019-18910

Sažetak

The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.

Reference

https://support.hp.com/us-en/document/c06509350
http://seclists.org/fulldisclosure/2020/Mar/40
http://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-07-2023 - 17:56

Objavljeno

22-11-2019 - 22:15