1E-2020-2001

Unquoted search path in 1E client

Bulletin ID
1E-2020-2001
Issue Date
29 ธ.ค. 2020
Last Update
21 พ.ย. 2024
Priority
Important
CVSS
8.8 (High)
Assigned CVE
CVE-2020-27645
Affected Products
1E Client for Windows

1. Vulnerability Details

CVE-ID

Description

The Inventory module of the 1E Client 5.0.0.745 doesn’t handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.

CVSS3.1 Score

Base Score 8.8 (High)

CVSS3.1 Vector String

Problem type

2. Affected products and versions

Product Versions

1E Client for Windows

5.0.x