Fortra Digital Guardian Agent Uninstaller Cross Site Scripting / UninstallKey Cached

Secure your products with top-tier expert knowledge and advanced Penetration Testing (CREST Approved)

Let's collaborate to build and maintain secure, trustworthy products

We transform threats into trust by integrating advanced tech and expertise in product security. Our approach encompasses Security by Design, rigorous security assurance and penetration testing, and compliance through expert documentation, from design to post-market. We offer CREST-approved pen testing in EMEA, upholding top security standards.

CREST Approved in EMEA

The uninstaller in Fortra Digital Guardian Agent versions prior to 7.9.4 suffers from a cross site scripting vulnerability. Additionally, the Agent Uninstaller handles sensitive data insecurely and caches the Uninstall key in memory. This key can be used to stop or uninstall the application. This allows a locally authenticated attacker with administrative privileges to disable the application temporarily or even remove the application from the system completely.   Exploit Files ≈ Packet Storm 


More To Explore