You have not given any consents yet.

YSoft SAFEQ FlexiSpooler Local Privilege Escalation Vulnerability




Assigning CNA: Mitre 


CVSS:3.1 8.2/7.4 


MITRE CVE-2021-31859 

Affected Versions: YSoft SAFEQ 6 FlexiSpooler versions prior to Build 57. 

Base Score Metrics 


Attack Vector: Local 


Attack Complexity: Low 


Privileges Required: Low 


User Interaction: Required 


Scope: Changed 


Impact Metrics: 


Confidentiality: High 


Integrity: High 


Availability: High 


Temporal Score Metrics 


Exploit Code Maturity: Proof of concept code 


Remediation Level: Official fix 


Report Confidence: Confirmed 


Executive Summary 


An improper file permissions issue exists in YSoft SAFEQ FlexiSpooler at install time.  A user who successfully exploited this vulnerability could gain SYSTEM level access to a local workstation. Customers are advised to upgrade to YSoft SAFEQ 6 FlexiSpooler Build 57 or later. If an upgrade is not possible at this time, customers with software support can contact Y Soft to receive a script to fix the file permissions issue.