CVE-2022-25804

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. Insecure permissions for the serverconfig registry key under JavaSoft\Prefs\de\igel\rm\config in HKEYLOCALMACHINE\SOFTWARE allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the U...

CVE-2021-28100

Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process...