Vulnerability in 1e Client

CVE-2020-16268

The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disabl…

EPSS: 0.013 (67.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

  • 1e Client — versions 4.1.0.267, 5.0.0.745
  • N/a — versions n/a

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2020-16268?
CVE-2020-16268 is a high-severity vulnerability in 1e Client, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 8.8/10. Published 2020-12-29.
How severe is CVE-2020-16268?
High severity. CVSS v3 base score is 8.8 out of 10.