Vulnerabilities > CVE-2022-38176 - Unspecified vulnerability in Ysoft Safeq 6.0

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

ysoft

NVD

Published: 2022-09-06

Updated: 2024-11-01

Summary

An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859.

Vulnerable Configurations

Part	Description	Count
Application	Ysoft Ysoft Safeq 6.0	41

References

https://ysoft.com
https://www.ysoft.com/en/legal/ysoft-safeq-client-v3-local-privilege-escalation