A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
Metrics
Affected Vendors & Products
References
History
Tue, 12 Nov 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 19 Sep 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6 |
Thu, 19 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 19 Sep 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel Aus
Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus |
|
CPEs | cpe:/o:redhat:enterprise_linux:9 |
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/a:redhat:rhel_eus:8.8::appstream cpe:/a:redhat:rhel_eus:9.2::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
Vendors & Products |
Redhat rhel Aus
Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus |
|
References |
|
|
Thu, 19 Sep 2024 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 19 Sep 2024 09:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges. | |
Title | Pcp: pmpost symlink attack allows escalating pcp to root user | |
First Time appeared |
Redhat
Redhat enterprise Linux |
|
Weaknesses | CWE-59 | |
CPEs | cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-09-19T08:45:37.303Z
Updated: 2024-11-24T18:15:46.569Z
Reserved: 2024-09-06T14:56:44.790Z
Link: CVE-2024-45770
Vulnrichment
Updated: 2024-09-19T13:39:21.666Z
NVD
Status : Awaiting Analysis
Published: 2024-09-19T09:15:02.613
Modified: 2024-11-12T18:15:35.643
Link: CVE-2024-45770
Redhat