CVE-2019-15719

Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
altairpbs_professional
13.0.0 ≤
𝑥
< 13.0.412
altairpbs_professional
14.0.0 ≤
𝑥
< 14.2.7
altairpbs_professional
18.0.0 ≤
𝑥
< 18.2.5
altairpbs_professional
19.1.0 ≤
𝑥
< 19.1.3
altairpbs_professional
19.2.0 ≤
𝑥
< 19.2.4
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/154782/PBS-Professional-19.2.3-Authentication-Bypass.html
https://www.hpcsec.com
https://www.hpcsec.com/2019/10/08/cve-2019-15719/
https://www.pbspro.org/
http://packetstormsecurity.com/files/154782/PBS-Professional-19.2.3-Authentication-Bypass.html
https://www.hpcsec.com
https://www.hpcsec.com/2019/10/08/cve-2019-15719/
https://www.pbspro.org/