Vulnerabilities

CVE-2020-12608

by Fred · 07/05/2020

An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%SolarWinds MSPSolarWinds.MSP.CacheServiceconfig. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.

Date published : 2020-05-07

http://seclists.org/fulldisclosure/2020/May/23

http://packetstormsecurity.com/files/157591/SolarWinds-MSP-PME-Cache-Service-Insecure-File-Permissions-Code-Execution.html

Similar

Tags: Cybersecurity Alert