Possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262305; Issue ID: ALPS07262305. Session Management – There is a possible insecure session management issue due to lack of Session.setForwarder/backwarder functionality. This could lead to session hijacking. Patch ID: ALPS07262305; Issue ID: ALPS07262305.
Kernel – There are two possible kernel vulnerabilities due to improper input sanitization. Both of these vulnerabilities could lead to remote code execution. Both of the vulnerabilities are rated as critical. Patch ID: ALPS07262305; Issue ID: ALPS07262305.
– There are two possible kernel vulnerabilities due to improper input sanitization. Both of these vulnerabilities could lead to remote code execution. Both of the vulnerabilities are rated as critical. Patch ID: ALPS07262305; Issue ID: ALPS07262305. Session Management – There is a possible insecure session management issue due to lack of Session.request/release functionality. This could lead to session hijacking. Patch ID: ALPS07262305; Issue ID: ALPS07262305.
It is basically impossible to protect against all attack vectors. Hence, it is always recommended to follow a least privilege approach, where each user
What is the software vulnerable?
One of the vulnerabilities is an improper input sanitization issue in kernel. One of these vulnerabilities could lead to remote code execution. This vulnerability is rated as critical. The other vulnerability is a session management issue in kernel. One of these vulnerabilities could lead to session hijacking. This vulnerability is also rated as critical.
Timeline
Published on: 10/07/2022 20:15:00 UTC
Last modified on: 10/11/2022 16:13:00 UTC