CVE-2024-36495
June 24, 2024, 12:57 p.m.
Tags
Product(s) Impacted
Faronics WINSelect
- Standard
- Enterprise
Description
The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd
Weaknesses
CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CWE ID: 276Date
Published: June 24, 2024, 9:15 a.m.
Last Modified: June 24, 2024, 12:57 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
551230f0-3615-47bd-b7cc-93e92e730bbf
References
https://r.sec-consult.com/
551230f0-3615-47bd-b7cc-93e92e730bbf
https://www.faronics.com/
551230f0-3615-47bd-b7cc-93e92e730bbf