Vulnerabilities > Ixpdata > Easyinstall > 6.2.13723
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-23 | CVE-2019-19898 | Insufficiently Protected Credentials vulnerability in Ixpdata Easyinstall 6.2.13723 In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely. | 7.5 |
| 2020-01-23 | CVE-2019-19897 | OS Command Injection vulnerability in Ixpdata Easyinstall 6.2.13723 In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. | 9.8 |
| 2020-01-23 | CVE-2019-19896 | Incorrect Default Permissions vulnerability in Ixpdata Easyinstall 6.2.13723 In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. | 9.9 |
| 2020-01-23 | CVE-2019-19895 | Incorrect Permission Assignment for Critical Resource vulnerability in Ixpdata Easyinstall 6.2.13723 In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. | 7.8 |
| 2020-01-23 | CVE-2019-19894 | Incorrect Permission Assignment for Critical Resource vulnerability in Ixpdata Easyinstall 6.2.13723 In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. | 5.5 |
| 2020-01-23 | CVE-2019-19893 | Path Traversal vulnerability in Ixpdata Easyinstall 6.2.13723 In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM. | 7.5 |