vulnerability
SUSE: CVE-2020-15397: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Jun 30, 2020 | Aug 15, 2020 | Oct 22, 2021 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Jun 30, 2020
Added
Aug 15, 2020
Modified
Oct 22, 2021
Description
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
Solutions
suse-upgrade-hylafaxsuse-upgrade-hylafax-clientsuse-upgrade-libfaxutil7_0_3
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.