CVE-2019-12162

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
upworktime_tracker
5.2.2.716
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.upwork.com/hc/en-us/categories/360001180954
https://vuldb.com/?id.138406
https://support.upwork.com/hc/en-us/categories/360001180954
https://vuldb.com/?id.138406