Cordaware bestinformed <= Version 18.104.22.168
A Unquoted service path in Cordaware bestinformed software allows a local attacker to potentially escalate privileges to system level.
- 15.12.2020 Vendor informed via Email
- 17.12.2020 Sending additional information to Vendor
- 18.12.2020 Calling Vendor
- 11.01.2021 Still no reply
- 14.01.2021 Disclosure because of exceeding the 30-day deadline without any actions from the vendor