Unprivileged User Privilege Escalation via CAL Database in CapMon Access Manager 5.4.1.1005

CVE-2018-18254 · MEDIUM Severity

CVSS v2 vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname.