Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-0012

Summary
Assigner-palo_alto
Assigner Org ID-d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At-12 Jan, 2022 | 17:30
Updated At-17 Sep, 2024 | 01:55
Rejected At-
Credits

Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability

An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:palo_alto
Assigner Org ID:d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At:12 Jan, 2022 | 17:30
Updated At:17 Sep, 2024 | 01:55
Rejected At:
▼CVE Numbering Authority (CNA)
Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability

An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

Affected Products
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
Cortex XDR Agent
Platforms
  • Windows
Versions
Affected
  • From 5.0 before 5.0.12 (custom)
    • -> unaffectedfrom5.0.12
  • From 7.2 before 7.2.4 (custom)
    • -> unaffectedfrom7.2.4
  • From 7.3 before 7.3.2 (custom)
    • -> unaffectedfrom7.3.2
  • From 6.1 before 6.1.9 (custom)
    • -> unaffectedfrom6.1.9
Unaffected
  • 7.4.*
  • 7.5.*
  • 7.6.*
Problem Types
TypeCWE IDDescription
CWECWE-59CWE-59 Improper Link Resolution Before File Access ('Link Following')
Type: CWE
CWE ID: CWE-59
Description: CWE-59 Improper Link Resolution Before File Access ('Link Following')
Metrics
VersionBase scoreBase severityVector
3.16.1MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions.

Configurations
Workarounds

There is no known workaround available for this issue.

Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits
Palo Alto Networks thanks Chris Au for discovering and reporting this issue.
Timeline
EventDate
Initial publication2022-01-12 00:00:00
Event: Initial publication
Date: 2022-01-12 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2022-0012
x_refsource_MISC
Hyperlink: https://security.paloaltonetworks.com/CVE-2022-0012
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2022-0012
x_refsource_MISC
x_transferred
Hyperlink: https://security.paloaltonetworks.com/CVE-2022-0012
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@paloaltonetworks.com
Published At:12 Jan, 2022 | 18:15
Updated At:19 Jan, 2022 | 19:18

An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Secondary3.16.1MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Primary2.03.6LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Type: Primary
Version: 2.0
Base score: 3.6
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:P
CPE Matches
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>cortex_xdr_agent>>Versions from 5.0(inclusive) to 5.0.12(exclusive)
cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>cortex_xdr_agent>>Versions from 6.1(inclusive) to 6.1.9(exclusive)
cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>cortex_xdr_agent>>Versions from 7.2(inclusive) to 7.2.4(exclusive)
cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>cortex_xdr_agent>>Versions from 7.3(inclusive) to 7.3.2(exclusive)
cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-59Primarynvd@nist.gov
CWE-59Secondarypsirt@paloaltonetworks.com
CWE ID: CWE-59
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-59
Type: Secondary
Source: psirt@paloaltonetworks.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.paloaltonetworks.com/CVE-2022-0012psirt@paloaltonetworks.com
Vendor Advisory
Hyperlink: https://security.paloaltonetworks.com/CVE-2022-0012
Source: psirt@paloaltonetworks.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

372Records found
CVE-2024-4454
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-7.3||HIGH
EPSS-0.10% / 28.23%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 19:13
Updated-14 Aug, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability

WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23035.

Action-Not Available
Vendor-WithSecure CorporationMicrosoft Corporation
Product-windowselements_endpoint_protectionserver_securityemail_and_server_securityclient_securityElementselements_endpoint_protection
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-1280
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-19.71% / 95.21%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:25
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-1188
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-6.06% / 90.38%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LNK Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system. The security update addresses the vulnerability by correcting the processing of shortcut LNK references.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows 10 Version 1903 for 32-bit SystemsWindows Server 2019Windows 10 Version 1709Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-1130
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.99% / 87.95%
||
7 Day CHG~0.00%
Published-29 Jul, 2019 | 14:13
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-13||Apply updates per vendor instructions.

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1703windows_server_2016windows_8.1windows_10_1709windows_10_1903windows_10_1507windows_server_1903windows_10_1809windows_server_2012windows_10_1803windows_10_1607windows_server_2019windows_rt_8.1windows_server_1803Windows 10 Version 1903 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindowsWindows ServerWindows
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-1129
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-8.70% / 92.11%
||
7 Day CHG~0.00%
Published-29 Jul, 2019 | 14:13
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-05||Apply updates per vendor instructions.

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1703windows_10_1709windows_10_1903windows_server_1903windows_10_1809windows_10_1803windows_server_2019windows_server_1803Windows 10 Version 1903 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindowsWindows ServerWindows
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-11396
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.46%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 19:06
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to obtain SYSTEM privileges. Arbitrary file creation can be achieved by abusing the SwuConfig.json file creation: an unprivileged user can replace these files by pseudo-symbolic links to arbitrary files. When an update occurs, a privileged service creates a file and sets its access rights, offering write access to the Everyone group in any directory.

Action-Not Available
Vendor-aviran/aMicrosoft Corporation
Product-windowsfree_security_suitesoftware_updatern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-52537
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 2.09%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 07:26
Updated-04 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowsdock_wd19_firmware_update_utilitylinux_kerneldock_wd22tb4_firmware_update_utilitydock_hd22q_firmware_update_utilityDell Client Platform BIOS
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-1074
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.28% / 50.88%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 18:56
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could potentially access unauthorized information. The update addresses this vulnerability by not allowing symbolic links in these scenarios., aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1082.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-40143
Matching Score-6
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-6
Assigner-Trend Micro, Inc.
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 18:01
Updated-03 Aug, 2024 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex One
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-1069
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-31.93% / 96.66%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-05||Apply updates per vendor instructions.
Task Scheduler Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2016windows_server_1903windows_server_2019windows_10_1809windows_10_1803windows_10_1703windows_10_1607windows_10_1903windows_server_1803windows_10_1709Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows Server, version 1903 (Server Core installation)Windows 10 Version 1803Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1803 (Server Core Installation)Windows Server 2019Windows 10 Version 1903 for x64-based SystemsWindows Server 2016Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 10 Version 1709Windows 10 Version 1703Windows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1709 for 32-bit Systemswindows_server_2016windows_10windows_server_2019Task Scheduler
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-0572
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-6.32% / 90.59%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0573, CVE-2019-0574.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows Server 2019Windows 10Windows 10 ServersWindows Server 2016
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-49107
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.41% / 60.29%
||
7 Day CHG+0.11%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WmsRepair Service Elevation of Privilege Vulnerability

WmsRepair Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_10_1507windows_11_24h2windows_server_2025windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 10 Version 22H2Windows 10 Version 1809Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 1607Windows Server 2016Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows Server 2022Windows 11 version 22H2Windows Server 2019Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-49051
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.58% / 67.88%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PC Manager Elevation of Privilege Vulnerability

Microsoft PC Manager Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-pc_managerMicrosoft PC Manager
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-0936
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.38%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 18:17
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0734.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-0574
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-5.40% / 89.74%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows Server 2019Windows 10Windows 10 ServersWindows Server 2016
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-25146
Matching Score-6
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-6
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.23%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 22:19
Updated-05 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Trend Micro IncorporatedMicrosoft Corporation
Product-apex_onewindowsTrend Micro Apex One
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-28225
Matching Score-6
Assigner-Yandex N.V.
ShareView Details
Matching Score-6
Assigner-Yandex N.V.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 19:10
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.

Action-Not Available
Vendor-yandexn/aMicrosoft Corporation
Product-windowsyandex_browserYandex Browser (Desktop)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-26612
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.33%
||
7 Day CHG-0.01%
Published-07 Apr, 2022 | 18:20
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file write in FileUtil#unpackEntries on Windows

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-windowshadoopApache Hadoop
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-43470
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.62% / 68.96%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_network_watcher_agentAzure Network Watcher VM Extension
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-43603
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.25%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:36
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Collector Service Denial of Service Vulnerability

Visual Studio Collector Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019visual_studio_2017visual_studio_2022visual_studioMicrosoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2015 Update 3Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.11
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-43551
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.70% / 71.01%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Storage Elevation of Privilege Vulnerability

Windows Storage Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 11 Version 24H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 1607Windows 11 version 22H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows 11 Version 23H2Windows 11 version 21H2Windows 11 version 22H3
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-21919
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.50% / 64.73%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-16||Apply updates per vendor instructions.
Windows User Profile Service Elevation of Privilege Vulnerability

Windows User Profile Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1909windows_7windows_10_20h2windows_10_1607windows_server_20h2windows_server_2022windows_server_2008windows_server_2016windows_11_21h2windows_10_1809windows_10_21h2windows_10_21h1windows_8.1windows_rt_8.1windows_10_1507windows_server_2019Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows 11 version 21H2Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1909Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2022Windows Server version 20H2Windows Server 2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 Service Pack 1Windows 7Windows 10 Version 21H1Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-21999
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-72.78% / 98.72%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1909windows_7windows_10_20h2windows_10_1607windows_server_20h2windows_server_2022windows_server_2008windows_server_2016windows_11_21h2windows_10_1809windows_10_21h2windows_10_21h1windows_8.1windows_rt_8.1windows_10_1507windows_server_2019Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows 11 version 21H2Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1909Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2022Windows Server version 20H2Windows Server 2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 Service Pack 1Windows 7Windows 10 Version 21H1Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-1834
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.04% / 11.12%
||
7 Day CHG~0.00%
Published-09 Nov, 2018 | 00:00
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-21895
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.93% / 75.10%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows User Profile Service Elevation of Privilege Vulnerability

Windows User Profile Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_serverwindows_server_2012windows_8.1windows_10windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 20H2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-1781
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.04% / 12.03%
||
7 Day CHG-0.00%
Published-09 Nov, 2018 | 00:00
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-21838
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 60.16%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cleanup Manager Elevation of Privilege Vulnerability

Windows Cleanup Manager Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-1780
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.43%
||
7 Day CHG-0.00%
Published-09 Nov, 2018 | 00:00
Updated-16 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-32050
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.12% / 32.01%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-0799
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.68% / 70.63%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-0029
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.57%
||
7 Day CHG~0.00%
Published-14 Sep, 2022 | 16:35
Updated-04 Jun, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File

An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.

Action-Not Available
Vendor-Microsoft CorporationPalo Alto Networks, Inc.
Product-windowscortex_xdr_agentCortex XDR Agent
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-0017
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-7||HIGH
EPSS-0.12% / 31.39%
||
7 Day CHG~0.00%
Published-10 Feb, 2022 | 18:10
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation

An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms.

Action-Not Available
Vendor-Palo Alto Networks, Inc.Microsoft Corporation
Product-globalprotectwindowsGlobalProtect App
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-43238
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.19%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Elevation of Privilege Vulnerability

Windows Remote Access Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-4287
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5||MEDIUM
EPSS-0.38% / 58.61%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 10:32
Updated-11 Apr, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ReFirm Labs binwalk Archive Extraction extractor.py symlink

A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.

Action-Not Available
Vendor-ReFirm LabsMicrosoft Corporation
Product-binwalkbinwalk
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-42297
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-0.83% / 73.55%
||
7 Day CHG~0.00%
Published-24 Nov, 2021 | 01:05
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows 10 Update Assistant Elevation of Privilege Vulnerability

Windows 10 Update Assistant Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_update_assistantWindows Update Assistant
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-43237
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.72% / 71.56%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Setup Elevation of Privilege Vulnerability

Windows Setup Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_11windows_10windows_server_2016Windows Server 2022Windows 10 Version 2004Windows 10 Version 21H2Windows Server version 2004Windows 10 Version 21H1Windows 11 version 21H2Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-41379
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.12% / 88.17%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:46
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_2004windows_10_1909windows_7windows_10_20h2windows_10_1607windows_server_20h2windows_server_2022windows_server_2008windows_server_2016windows_server_2004windows_11_21h2windows_10_1809windows_10_21h1windows_8.1windows_rt_8.1windows_10_1507windows_server_2019Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows 11 version 21H2Windows Server 2019Windows 10 Version 1909Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2022Windows Server version 20H2Windows Server 2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 Service Pack 1Windows 7Windows 10 Version 2004Windows 10 Version 21H1Windows Server version 2004Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-42056
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-2.34% / 84.22%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 16:14
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges.

Action-Not Available
Vendor-thalesgroupn/aLinux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kernelsafenet_authentication_clientn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-28916
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 71.16%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 23:31
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xbox Gaming Services Elevation of Privilege Vulnerability

Xbox Gaming Services Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-xbox_gaming_servicesXbox Gaming Services
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-24930
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 56.61%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-28 Feb, 2025 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability

Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-onedriveOneDrive for MacOS Installer
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-37969
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-7.8||HIGH
EPSS-0.72% / 71.54%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.

Action-Not Available
Vendor-Google LLCMicrosoft CorporationFedora ProjectDebian GNU/Linux
Product-chromewindowsfedoradebian_linuxChrome
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-31187
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.49% / 80.31%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows WalletService Elevation of Privilege Vulnerability

Windows WalletService Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 1803Windows 10 Version 1809Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-26887
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.49% / 64.50%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:42
Updated-19 Nov, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability

<p>An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder.</p> <p>To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data.</p> <p>This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the <strong>FAQ</strong> section of this CVE for configuration guidance.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-26862
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.47% / 63.58%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:37
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-26873
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.33% / 55.38%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:39
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows User Profile Service Elevation of Privilege Vulnerability

Windows User Profile Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-24084
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-6.29% / 90.56%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mobile Device Management Information Disclosure Vulnerability

Windows Mobile Device Management Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-34893
Matching Score-6
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-6
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.76%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 18:00
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-securitywindowsTrend Micro Security (Consumer)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-5102
Matching Score-6
Assigner-NortonLifeLock Inc.
ShareView Details
Matching Score-6
Assigner-NortonLifeLock Inc.
CVSS Score-7.3||HIGH
EPSS-0.08% / 23.87%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 16:15
Updated-01 Aug, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Elevation of Privelage via symlinked file in Avast Antivirus

A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance. This issue affects Avast Antivirus prior to 24.2.

Action-Not Available
Vendor-avastAvastMicrosoft Corporation
Product-windowsantivirusAntivirus
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-49059
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.12% / 31.57%
||
7 Day CHG+0.01%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Elevation of Privilege Vulnerability

Microsoft Office Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft Office 2016Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-43501
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.80% / 73.07%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 11 Version 24H2Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 10 Version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows 11 version 22H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows 11 version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • 8
  • Next
Details not found