vendor:
PBS Pro
by:
Bartlomiej Balcerek
7.5
CVSS
HIGH
Insecure Temporary File Creation
377
CWE
Product Name: PBS Pro
Affected Version From: Prior to PBS Pro 10.4
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:altair_engineering:pbs_pro
Platforms Tested:
Altair Engineering PBS Pro Insecure Temporary File Creation
The Altair Engineering PBS Pro software creates temporary files in an insecure manner. An attacker with local access can exploit this vulnerability to perform symbolic-link attacks, allowing them to overwrite arbitrary files in the context of the affected application. Successful exploitation may result in denial of service or other attacks.
Mitigation:
Upgrade to PBS Pro 10.4 or later to mitigate this vulnerability. Additionally, ensure that the software is running with the least privileges necessary.