CVE-2019-11660

Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microfocusCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
microfocusdata_protector
10.00 ≤
𝑥
≤ 10.04
microfocusdata_protector
10.10 ≤
𝑥
≤ 10.40
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html
https://softwaresupport.softwaregrp.com/doc/KM03525630
http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html
https://softwaresupport.softwaregrp.com/doc/KM03525630