CVEs
CVEs for PowerShell Universal.
Last updated
Was this helpful?
CVEs for PowerShell Universal.
Last updated
Was this helpful?
Please report vulnerabilities to Ironman Software. To learn about our vulnerability response policy, .
Due to an authorization issue with the PowerShell Universal v5.3.x's gRPC service registration, a remote attacker can access the server using the Universal PowerShell module without authentication.
Version 4.5.x and 5.x.x are vulnerable to an information disclosure through directory traversal when using PowerShell Universal published folders. Systems that do not have this feature configured, are not affected. If authenticated published folders are configured, the attacker will need to be authenticated.
This exploit allows an attacker to expose information of the affected system, depending on system configuration.
Version 5.0.0 through 5.0.11 are vulnerable to an exploit that allows an authenticated attacker to elevate their privileges and view job information.
This exploit allows an authenticated attacker to take control of the platform via a vulnerability in the admin console.