CVE Vulnerabilities

CVE-2012-4767

Improper Privilege Management

Published: Jan 13, 2020 | Modified: Jan 21, 2020
CVSS 3.x
6.1
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVSS 2.x
3.6 LOW
AV:L/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine.

Weakness

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Data_protector_agent Safend 3.4.5586.9772 3.4.5586.9772

Potential Mitigations

References