CVE-2019-17445

An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:eracent:eda_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:eracent:epa_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:eracent:epm_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:eracent:eua_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:eracent:flw_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:eracent:sum_agent:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Information

Published : 2019-11-22 10:15

Updated : 2019-12-04 12:29


NVD link : CVE-2019-17445

Mitre link : CVE-2019-17445


JSON object : View

CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

Advertisement

dedicated server usa

Products Affected

eracent

  • epm_agent
  • eua_agent
  • epa_agent
  • flw_agent
  • eda_agent
  • sum_agent

linux

  • linux_kernel