QwikSec

Security Database

CVE

CWE

Training

CVE-2024-36495

Published: Jun 24, 2024

Modified: Feb 13, 2025

PUBLISHED

Description

The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd

Vendor	Product	Versions
Faronics	WINSelect (Standard + Enterprise)	unaffected `8.30.xx.903`

Weaknesses (CWE)

References

https://r.sec-consult.com/winselect

third-party-advisory

https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes

release-notes

http://seclists.org/fulldisclosure/2024/Jun/12

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.