An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser.
References
Link | Resource |
---|---|
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0002.md | Exploit Third Party Advisory |
https://www.igel.com/igel-solution-family/universal-management-suite/ | Product Vendor Advisory |
Configurations
History
17 Jun 2022, 16:00
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.igel.com/igel-solution-family/universal-management-suite/ - Product, Vendor Advisory | |
References | (MISC) https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0002.md - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CWE | CWE-276 | |
CPE | cpe:2.3:a:igel:universal_management_suite:6.07.100:*:*:*:*:*:*:* |
09 Jun 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-09 04:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-25804
Mitre link : CVE-2022-25804
CVE.ORG link : CVE-2022-25804
JSON object : View
Products Affected
igel
- universal_management_suite
CWE
CWE-276
Incorrect Default Permissions