Saltosystem Proaccess Space vulnerabilities
3 known vulnerabilities affecting saltosystem/proaccess_space.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2019-19459P2CRITICALCVSS 9.8≤ 5.52019-12-03
CVE-2019-19459 [CRITICAL] CVE-2019-19459: An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.
nvd
CVE-2019-19458P3HIGHCVSS 8.6≤ 5.52019-12-03
CVE-2019-19458 [HIGH] CWE-22 CVE-2019-19458: SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
nvd
CVE-2019-19460P4MEDIUMCVSS 5.5≤ 5.52019-12-03
CVE-2019-19460 [MEDIUM] CVE-2019-19460: An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is
nvd