VYPR

Access Manager

by CapMon

CVEs (5)

  • CVE-2018-18256HigMar 15, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run any whitelisted application through the Custom App Launcher.

  • CVE-2018-18255HigMar 15, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve…

  • CVE-2018-18254HigMar 15, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname.

  • CVE-2018-18252HigMar 15, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivileged users via the --system option.

  • CVE-2018-18253HigMar 15, 2019
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the…