---

CVE-2020-15397 - log back

CVE-2020-15397 edited at 13 Jan 2021 21:03:26
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Privilege escalation
Description	+ HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
References	+ https://sourceforge.net/p/hylafax/HylaFAX+/2534/
Notes

CVE-2020-15397 created at 13 Jan 2021 21:01:03