Log File Write Permission Bypass Vulnerability in Heysoft EventSave and EventSave+

Log File Write Permission Bypass Vulnerability in Heysoft EventSave and EventSave+

CVE-2002-1869 · LOW Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer.

Learn more about our Web Application Penetration Testing UK.