The Inventory module of the 1E Client 5.0.0.745 doesn't...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Dec 29, 2020
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Jan 29, 2023
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.
References