CVE-2017-14124

EUVD-2017-5636
In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to change application definitions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
unicon-softwarerp
𝑥
≤ 5.5.0
unicon-softwarerp
𝑥
≤ 5.6.0
unicon-softwarerp
4.0.1
unicon-softwarerp
4.2
unicon-softwarerp
4.4.0
unicon-softwarerp
4.5.0
unicon-softwarerp
4.6.0
unicon-softwarerp
4.7.0
unicon-softwarerp
4.7.1
unicon-softwarerp
4.8.0
unicon-softwarerp
4.9.0
unicon-softwarerp
4.10.0
unicon-softwarerp
4.11.0
unicon-softwarerp
4.11.1
unicon-softwarerp
4.11.3
unicon-softwarerp
4.11.5
unicon-softwarerp
5.0.0
unicon-softwarerp
5.1.0
unicon-softwarerp
5.2.0
unicon-softwarerp
5.3.0
unicon-softwarerp
5.4.0
unicon-softwarerp
5.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.myelux.com/cvesingle.htm?cve_id=CVE-2017-14124
https://www.myelux.com/cvesingle.htm?cve_id=CVE-2017-14124