7 matches found
CVE-2023-45160
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locke...
PT-2023-29442 · 1E · 1E Client Mac +1
Name of the Vulnerable Software and Affected Versions: 1E Client versions prior to the version with patch Q23094 1E Client Mac versions prior to v8.1.2.62 1E Client Mac versions between v8.1 and v23.11 exclusive Description: In the affected version of the 1E Client, an ordinary user could subvert...
PT-2023-29441 · 1E · 1E Client
Name of the Vulnerable Software and Affected Versions: 1E Client versions 8.1 through 9.0 Description: The 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the...
1E Client Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-02032)
1E Client is an agent-less endpoint management software from 1E 1E Client USA. A security vulnerability exists in 1E Client versions 5.0.0.745, 4.1.0.267, which originates in the %PROGRAMDATA%1EClient directory that allows remote authenticated and local users to create and modify files in...
1E Client Privilege Permission and Access Control Issues Vulnerability
1E Client is an agent-less endpoint management software from 1E USA. A security vulnerability exists in 1E Client version 5.0.0.745 that stems from %PROGRAMFILES%1EClientTachyon.Performance.Metrics.exe failing to handle unreferenced paths. This may allow a remote attacker to gain elevated...
1E Client Elevation of Privilege Vulnerability
1E Client is an agent-less endpoint management software from 1E 1E Client USA. An elevation of privilege vulnerability exists in 1E Client versions 4.1.0.267 and 5.0.0.745 that allows remote authenticated users and local users to gain elevated privileges via the REPAIR option. This applies to...
CVE-2020-16268
The CVE-2020-16268 entry concerns the 1E Client MSI installer (versions 4.1.0.267 and 5.0.0.745). The flaw arises when using the repair option with a Transform (MST) that can disable the Nomad module; an attacker can craft a .reg file in a specific location to write to any registry key as an elev...