Skip to main content

Improper Preservation of Permissions

CVE-2018-12989

Severity Medium
Score 6.7/10

Summary

The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • NONE
  • HIGH
  • HIGH
  • HIGH

CWE-281 - Improper Preservation of Permissions

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References

Advisory Timeline

  • Published