Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Performance Co-Pilot (PCP)

Source

secalert@redhat.com

CVE-2024-45770 details

Published : Sept. 19, 2024, 9:15 a.m.
Last Modified : Sept. 19, 2024, 2:15 p.m.

Description

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

CVSS Score

1	2	3	4.4	5	6	7	8	9	10

Weakness

Weakness	Name	Description
CWE-59	Improper Link Resolution Before File Access ('Link Following')	The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.4

Exploitability Score

1.8

Impact Score

2.5

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References

URL	Source
https://access.redhat.com/errata/RHSA-2024:6837	secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:6840	secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:6842	secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:6843	secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:6844	secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:6846	secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:6847	secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:6848	secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2024-45770	secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2310451	secalert@redhat.com

This website uses the NVD API, but is not approved or certified by it.

CVE-2024-45770