Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 03/11/2023 Updated: 09/11/2023

CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8

VMScore: 0

In swtpm prior to 0.4.2 and 0.5.x prior to 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.

Vulnerable Product	Search on Vulmon	Subscribe to Product
swtpm project swtpm
swtpm project swtpm 0.5.0

An potential symbolic link following issue has been found in swtpm before 051 ...

CWE-59 https://bugzilla.suse.com/show_bug.cgi?id=1198395 https://github.com/stefanberger/swtpm/releases/tag/v0.4.2 https://github.com/stefanberger/swtpm/releases/tag/v0.5.1 https://nvd.nist.gov https://security.archlinux.org/CVE-2020-28407

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-28407

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect