cve/Hackolade/Hackolade-CVE-2020-25737.txt
| [ CVE ID ] | |
| CVE-2020-25737 | |
| ------------------------------------------ | |
| [Suggested description] | |
| An elevation of privilege vulnerability exists in Hackolade versions prior to 4.2.0 on Windows, where the behavior of the installer in specific deployment scenarios could allow for local users to gain elevated privileges during an uninstall of the application. | |
| ------------------------------------------ | |
| [Additional Information] | |
| The vendor has acknowledged and fixed the issue in version 4.2.0 | |
| ------------------------------------------ | |
| [Problem Type] | |
| Least Privilege Violation | |
| ------------------------------------------ | |
| [ PRODUCT ] | |
| Hackolade for Windows by IntegrIT SA/NV | |
| ------------------------------------------ | |
| [Vendor of Product] | |
| IntegrIT SA/NV | |
| ------------------------------------------ | |
| [Affected Product Code Base] | |
| Hackolade versions 4.1.15 and prior for Windows are impacted; the issue has been fixed in Hackolade v4.2.0 | |
| ------------------------------------------ | |
| [Affected Component] | |
| Application uninstall workflow | |
| ------------------------------------------ | |
| [Attack Type] | |
| Local Privilege Escalation | |
| ------------------------------------------ | |
| [Attack Vectors] | |
| To exploit the vulnerability, a local user must be interactively logged in during the uninstall process to elevate their privileges. | |
| ------------------------------------------ | |
| [Reference] | |
| https://hackolade.com/versionInfo/ReadMe.txt | |
| ------------------------------------------ | |
| [Has vendor confirmed or acknowledged the vulnerability?] | |
| true | |