MidnightBSD

Advisories for comparex

CVE-2018-19233 LOW

COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-798,

Products Affected

Vendor Product Version
comparex miss_marple *
CVE-2018-19234 HIGH

The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-494,

Products Affected

Vendor Product Version
comparex miss_marple *