CVE-2020-10616
UNCONTROLLED SEARCH PATH ELEMENT CWE-427
SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts.
Risk Information
- CVE ID
- CVE-2020-10616
- Vendor
- Opto22
- Product
- SoftPAC
- CVSS v3
- 6.5