In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to change application definitions.
CVSS 2.0
Severity: LOW
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unicon-software | rp | 5.4.0 |
| unicon-software | rp | 4.8.0 |
| unicon-software | rp | 5.3.0 |
| unicon-software | rp | 4.5.0 |
| unicon-software | rp | 4.7.0 |
| unicon-software | rp | 5.4.1 |
| unicon-software | rp | 5.2.0 |
| unicon-software | rp | 4.10.0 |
| unicon-software | rp | 5.0.0 |
| unicon-software | rp | 4.11.3 |
| unicon-software | rp | 4.0.1 |
| unicon-software | rp | 4.11.0 |
| unicon-software | rp | 4.6.0 |
| unicon-software | rp | 5.1.0 |
| unicon-software | rp | 4.4.0 |
| unicon-software | rp | 4.7.1 |
| unicon-software | rp | 4.9.0 |
| unicon-software | rp | 4.2 |
| unicon-software | rp | 4.11.1 |
| unicon-software | rp | 4.11.5 |
| unicon-software | rp | * |
The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unicon-software | elux | * |