) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): ControlUp
- Search Type: Search All
- CPE Name Search: false
There are 3 matching records.
Displaying matches 1 through 3.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-27905 |
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this. Published: April 27, 2022; 10:15:09 AM -0400 |
V3.1: 7.2 HIGH V2.0: 9.0 HIGH |
| CVE-2021-45912 |
An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method. Published: January 04, 2022; 11:15:09 AM -0500 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
| CVE-2021-45913 |
A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel. Published: January 04, 2022; 10:15:07 AM -0500 |
V3.1: 7.2 HIGH V2.0: 9.0 HIGH |