4 matches found
Serious vulnerabilities found in ITarian software, patches available for SaaS products
Dutch research group DIVD has identified multiple vulnerabilities in ITarian products. In cooperation with DIVD, ITarian has made patches available to deal with these vulnerabilities for its SaaS platform. Software as a service SaaS is a software distribution model in which a cloud provider hosts...
CVE-2022-25153
The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup...
CVE-2022-25153
The CVE-2022-25153 entry concerns the ITarian Endpoint Manage Communication Client. Affected software prior to version 6.43.41148.21120 is compiled with insecure OpenSSL settings, enabling a low-privilege attacker to escalate to SYSTEM by abusing an insecure openssl.conf lookup. Patches exist: up...
CVE-2022-25153 ITarian - Local privilege escalation in Endpoint Manager agent on Windows
The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup...