CVE-2019-11660 Information

Description

Privileges manipulation in Micro Focus Data Protector versions 10.00 10.01 10.02 10.03 10.04 10.10 10.20 10.30 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html https://softwaresupport.softwaregrp.com/doc/KM03525630

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8