- Description
- DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:datev:nutzungskontrolle:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBFEA466-8594-4386-B805-28290A7055BD"
},
{
"criteria": "cpe:2.3:a:datev:nutzungskontrolle:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DF8323D-FE0F-42AA-90CE-063C2613D3A9"
}
],
"operator": "OR"
}
]
}
]