Saltosystem: Security Vulnerabilities
SALTO ProAccess SPACE 5.4.3.0 allows XSS.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-12-03
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
CVSS Score
8.6
EPSS Score
0.009
Published
2019-12-03
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.
CVSS Score
9.8
EPSS Score
0.018
Published
2019-12-03
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-12-03