COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| comparex | miss_marple | * |
The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-494,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| comparex | miss_marple | * |