Published: 22/11/2019 Updated: 20/07/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an malicious user to inject commands that will execute with local user privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp thinpro 6.2
hp thinpro 6.2.1
hp thinpro 7.0
hp thinpro 7.1

Potential security vulnerabilities have been identified with certain versions of HP ThinPro components that may allow unauthorized information disclosure, privilege escalation, and arbitrary code execution ...

HP ThinPro versions 71, 70, 621, and 62 suffer from a privileged command injection vulnerability ...

CWE-78 https://support.hp.com/us-en/document/c06509350 http://seclists.org/fulldisclosure/2020/Mar/40 http://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html https://nvd.nist.gov https://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html https://support.hp.com//us-en/document/c06509350

CVE-2019-18910

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect