Unit4: >> Mik.starlight Security Vulnerabilities
Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-08-31
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-08-31
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-08-31
Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.
CVSS Score
8.8
EPSS Score
0.011
Published
2021-08-31