Skysea Client View
Monthly
Local privilege escalation in SKYSEA Client View (≤21.200.07j) and SKYMEC IT Manager (≤2024.005.10a) allows low-privileged users to execute arbitrary code with administrative privileges by exploiting insecure installation folder permissions. Attackers can write malicious files into the product directory, achieving full system compromise. EPSS score of 0.01% (2nd percentile) indicates low likelihood of widespread exploitation despite CVSS 8.5 severity. No active exploitation confirmed; CISA SSVC assessment marks exploitation status as 'none' and automatable as 'no', suggesting targeted attack potential rather than mass exploitation risk.
Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Local privilege escalation in SKYSEA Client View (≤21.200.07j) and SKYMEC IT Manager (≤2024.005.10a) allows low-privileged users to execute arbitrary code with administrative privileges by exploiting insecure installation folder permissions. Attackers can write malicious files into the product directory, achieving full system compromise. EPSS score of 0.01% (2nd percentile) indicates low likelihood of widespread exploitation despite CVSS 8.5 severity. No active exploitation confirmed; CISA SSVC assessment marks exploitation status as 'none' and automatable as 'no', suggesting targeted attack potential rather than mass exploitation risk.
Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.