Knowledge Base - Security Updates on Vulnerabilities

 

Elevation of Privilege

This document explains the CVE-2019-12133 privilege-elevation vulnerability that have been reported.

Vulnerability ID : CVE-2019-12133
Update Release build : 90059 
Update Release Date : 26-July-2019
Reported by: Hashim Jawad from ACTIVELabs

 

What was the problem?

Improper permissions of C:\ManageEngine directory which allowed non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM.

How to fix it?

These vulnerabilities have been identified and fixed. To apply the fix, follow the steps mentioned below:

    1. Go to Service pack
    2. Download and upgrade the latest build.

 

Keywords: Query Execution, Security Updates, Vulnerabilities and Fixes.