4 matches found
CVE-2022-38176
YSoft SAFEQ 6 before 6.0.72 contains an installer privilege issue for the Client V3 services. The root cause is incorrect privileges configured in the installer package, enabling local privilege escalation by overwriting the executable via an alternate data stream. Impact is local, with high conf...
CVE-2021-31859
CVE-2021-31859 affects YSoft SafeQ 6 MU55 FlexiSpooler (version 6.0.55). The vulnerability is described as incorrect privileges in the MU55 FlexiSpooler service that enables local privilege escalation by overwriting the executable file via an alternate data stream. The available documents confirm...
CVE-2022-23861
CVE-2022-23861 affects YSoft SAFEQ 6 Build 53. The vulnerability is Multiple Stored Cross-Site Scripting (XSS) in the SafeQ web interface, caused by lack of output sanitization in multiple input fields, allowing arbitrary JavaScript execution for users accessing the web UI. Connected sources corr...
CVE-2022-23862
CVE-2022-23862 affects Y Soft SAFEQ 6 Build 53. The SafeQ JMX service on port 9696 is vulnerable to JMX MLet attacks because authentication was not enforced and the service ran under NT AUTHORITY\System, enabling an attacker to execute arbitrary code and escalate to SYSTEM locally. Public PoC and...