Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cloud | Fabasoft | - (including) | - (including) |
| Cloud_enterprise_client | Fabasoft | 23.3.0.130 (including) | 23.3.0.130 (including) |
| Folio_/_egov-suite | Fabasoft | 2021-update_rollup_3 (including) | 2021-update_rollup_3 (including) |
| Folio_/_egov-suite | Fabasoft | 2022 (including) | 2022 (including) |
| Folio_/_egov-suite | Fabasoft | 2022-update_rollup_3 (including) | 2022-update_rollup_3 (including) |
| Folio_/_egov-suite | Fabasoft | 2023 (including) | 2023 (including) |
| Folio_/_egov-suite | Fabasoft | 2023-update_rollup_1 (including) | 2023-update_rollup_1 (including) |
References
- https://help.supportservices.fabasoft.com/index.php?topic=doc/Vulnerabilities-Fabasoft-Folio/vulnerabilities-2023.htm#client-autoupdate-harmful-code-installation-vulnerability-pdo06614-
- https://www.compass-security.com/fileadmin/Research/Advisories/2023_01_CSNC-2023-002_LPE_Cloud_Client.txt
- https://help.supportservices.fabasoft.com/index.php?topic=doc/Vulnerabilities-Fabasoft-Folio/vulnerabilities-2023.htm#client-autoupdate-harmful-code-installation-vulnerability-pdo06614-
- https://www.compass-security.com/fileadmin/Research/Advisories/2023_01_CSNC-2023-002_LPE_Cloud_Client.txt