Vulnerability in DATEV

An insufficiently secure configuration of the service allows privileges to be escalated at the system level.

Vulnerability type

Privilege Escalation

Pentester

Florian Hansemann

Publication

01.08.2022

Software version

Both the Update Manager up to version 5.8.0.2300 and DFL up to version 12.5.1001.5 are affected by this vulnerability.

Timeline

– 22.06.2021 Manufacturer informed

– 24.06.2021 Appointment for queries

– 05.07.2021 Queries and further procedure

– 01.08.2021 Update

– 16.08.2021 Publication