Windows Agent Security Vulnerabilities
An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege...
7.8CVSS
6.9AI Score
0.0004EPSS
A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target...
7.2AI Score
0.0004EPSS
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0;...
7.8CVSS
5.5AI Score
0.0004EPSS
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules).This issue affects Hitachi Device Manager: before...
7.5CVSS
7.5AI Score
0.001EPSS
Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before...
7.5CVSS
7.5AI Score
0.001EPSS
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk...
6.8CVSS
6.4AI Score
0.001EPSS
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing...
4.6CVSS
4.7AI Score
0.001EPSS
An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local...
6.2CVSS
5.3AI Score
0.0004EPSS
The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection...
6.7CVSS
6.4AI Score
0.0004EPSS
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention...
9.8CVSS
9.5AI Score
0.002EPSS
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus...
9.8CVSS
9.4AI Score
0.002EPSS
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention...
9.1CVSS
8.8AI Score
0.0005EPSS
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build...
7.1CVSS
4AI Score
0.0004EPSS
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux...
7.3CVSS
7.1AI Score
0.001EPSS
The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to....
7.8CVSS
7.5AI Score
0.0004EPSS
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build...
7.3CVSS
6.7AI Score
0.0004EPSS
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
7.1CVSS
6.6AI Score
0.0004EPSS
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
7.1CVSS
6.7AI Score
0.0004EPSS
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
5.5CVSS
4AI Score
0.0004EPSS
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build...
7.1CVSS
6.7AI Score
0.0004EPSS
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
5.5CVSS
5.3AI Score
0.0004EPSS
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
5.5CVSS
5.3AI Score
0.0004EPSS
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
7.1CVSS
6.9AI Score
0.0004EPSS
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
5.5CVSS
5.3AI Score
0.0004EPSS
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build...
7.1CVSS
6.7AI Score
0.0004EPSS
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
5.5CVSS
5.3AI Score
0.0004EPSS
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build...
5.5CVSS
4AI Score
0.0004EPSS
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build...
5.5CVSS
4.7AI Score
0.0004EPSS
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
5.5CVSS
6.9AI Score
0.0004EPSS
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
7.8CVSS
5.8AI Score
0.0004EPSS
Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management -...
8.4CVSS
7.6AI Score
0.0004EPSS
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the...
5.5CVSS
5.4AI Score
0.0004EPSS
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file...
7CVSS
6.8AI Score
0.0004EPSS
Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
5.5CVSS
4.7AI Score
0.0004EPSS
Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build...
5.5CVSS
6.1AI Score
0.0004EPSS
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
5.5CVSS
4AI Score
0.0004EPSS
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build...
7.5CVSS
4.6AI Score
0.001EPSS
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build...
5.5CVSS
6AI Score
0.0004EPSS
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build...
7.8CVSS
8.8AI Score
0.0004EPSS
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build...
7.5CVSS
4.7AI Score
0.001EPSS
Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege...
5.7CVSS
5.4AI Score
0.0004EPSS
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure...
7.8CVSS
7.5AI Score
0.0004EPSS
Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged...
7.8CVSS
7.7AI Score
0.0004EPSS
Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before...
9CVSS
7.5AI Score
0.001EPSS
Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before...
8.1CVSS
8AI Score
0.001EPSS
6.3CVSS
4.6AI Score
0.0004EPSS
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first...
7.8CVSS
7.6AI Score
0.0004EPSS
An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...
7.8CVSS
7.6AI Score
0.001EPSS
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first...
7.8CVSS
7.6AI Score
0.0004EPSS
An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...
7.8CVSS
7.6AI Score
0.001EPSS