Vulnerability in 1e Client
CVE-2020-16268
The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disabl…
EPSS: 0.013 (67.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- 1e Client — versions 4.1.0.267, 5.0.0.745
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-16268?
- CVE-2020-16268 is a high-severity vulnerability in 1e Client, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 8.8/10. Published 2020-12-29.
- How severe is CVE-2020-16268?
- High severity. CVSS v3 base score is 8.8 out of 10.