Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13532 | 1 Dreamreport | 1 Dream Report | 2022-07-30 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-13534 | 1 Dreamreport | 1 Dream Report | 2022-07-30 | 6.8 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-13533 | 1 Dreamreport | 1 Dream Report | 2022-07-30 | 4.4 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application. | |||||