8.8 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
79.9%
The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation.
packetstormsecurity.com/files/150427/Miss-Marple-Enterprise-Edition-File-Upload-Hardcoded-AES-Key.html
seclists.org/fulldisclosure/2018/Nov/55
seclists.org/bugtraq/2018/Nov/37
www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-miss-marple-enterprise-edition/