Authentication flaw

2023-01-1012:15:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.6%

JSON

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.

CPENameOperatorVersion
automation_license_managereq5.1
automation_license_managereq5.1 sp1
automation_license_managereq6.0
automation_license_managereq6.0.1
automation_license_managereq6.0.8
automation_license_managereq6.0.9
automation_license_managereq5.0.0
automation_license_managereq5.2
automation_license_managereq5.3
automation_license_managereq5.3.4.4

Name	Operator	Version
automation_license_manager	eq	5.1
automation_license_manager	eq	5.1 sp1
automation_license_manager	eq	6.0
automation_license_manager	eq	6.0.1
automation_license_manager	eq	6.0.8
automation_license_manager	eq	6.0.9
automation_license_manager	eq	5.0.0
automation_license_manager	eq	5.2
automation_license_manager	eq	5.3
automation_license_manager	eq	5.3.4.4