Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NTFS Junction
Vulnerability Description
An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized files, allowing for the potential modification or deletion of sensitive files limited only to that specific directory/file object. This vulnerability is bounded to the time of installation/uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
Qualys Cloud Agent 安全漏洞
Vulnerability Description
Qualys Cloud Agent是美国Qualys公司的一个轻量级应用程序。用于实时、全球可见性和响应的单一代理。 Qualys Cloud Agent 4.8.0.31之前版本存在安全漏洞,该漏洞源于允许攻击者攻击者通过本地攻击向量将文件写入任意位置。
CVSS Information
N/A
Vulnerability Type
N/A