Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
[ CVE ID ]
CVE-2020-25737
------------------------------------------
[Suggested description]
An elevation of privilege vulnerability exists in Hackolade versions prior to 4.2.0 on Windows, where the behavior of the installer in specific deployment scenarios could allow for local users to gain elevated privileges during an uninstall of the application.
------------------------------------------
[Additional Information]
The vendor has acknowledged and fixed the issue in version 4.2.0
------------------------------------------
[Problem Type]
Least Privilege Violation
------------------------------------------
[ PRODUCT ]
Hackolade for Windows by IntegrIT SA/NV
------------------------------------------
[Vendor of Product]
IntegrIT SA/NV
------------------------------------------
[Affected Product Code Base]
Hackolade versions 4.1.15 and prior for windows are impacted and has been fixed in Hackolade v4.2.0
------------------------------------------
[Affected Component]
Application uninstall workflow
------------------------------------------
[Attack Type]
Local Privilege Escalation
------------------------------------------
[Attack Vectors]
To exploit the vulnerability a locally logged in user must be interactively logged in during the uninstall process to elevate their privledge.
------------------------------------------
[Reference]
https://hackolade.com/versionInfo/ReadMe.txt
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true