A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | RedHat | pcp-0:5.3.7-22.el8_10 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | pcp-0:5.0.2-9.el8_2 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | pcp-0:5.2.5-8.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | pcp-0:5.2.5-8.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | pcp-0:5.2.5-8.el8_4 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | pcp-0:5.3.5-10.el8_6 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | pcp-0:5.3.5-10.el8_6 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | pcp-0:5.3.5-10.el8_6 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | pcp-0:5.3.7-19.el8_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | pcp-0:6.2.0-5.el9_4 | * |
| Red Hat Enterprise Linux 9 | RedHat | pcp-0:6.2.2-7.el9_5 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | pcp-0:5.3.5-10.el9_0 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | pcp-0:6.0.1-8.el9_2 | * |
| Pcp | Ubuntu | upstream | * |