{"api_version":"1","generated_at":"2026-07-08T06:15:27+00:00","cve":"CVE-2019-18245","urls":{"html":"https://cve.report/CVE-2019-18245","api":"https://cve.report/api/cve/CVE-2019-18245.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-18245","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-18245"},"summary":{"title":"CVE-2019-18245","description":"Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2019-12-11 23:15:00","updated_at":"2019-12-17 19:06:00"},"problem_types":["CWE-428"],"metrics":[],"references":[{"url":"https://www.us-cert.gov/ics/advisories/icsa-19-337-01","name":"https://www.us-cert.gov/ics/advisories/icsa-19-337-01","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Reliable Controls LicenseManager | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-18245","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18245","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"18245","vulnerable":"1","versionEndIncluding":"3.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"reliablecontrols","cpe5":"rc-licensemanager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-18245","ASSIGNER":"ics-cert@hq.dhs.gov","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Reliable Controls LicenseManager","version":{"version_data":[{"version_value":"Versions 3.4 and prior"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"UNQUOTED SEARCH PATH OR ELEMENT CWE-428"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.us-cert.gov/ics/advisories/icsa-19-337-01","url":"https://www.us-cert.gov/ics/advisories/icsa-19-337-01"}]},"description":{"description_data":[{"lang":"eng","value":"Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application."}]}},"nvd":{"publishedDate":"2019-12-11 23:15:00","lastModifiedDate":"2019-12-17 19:06:00","problem_types":["CWE-428"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:reliablecontrols:rc-licensemanager:*:*:*:*:*:*:*:*","versionEndIncluding":"3.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"18245","Ordinal":"158619","Title":"CVE-2019-18245","CVE":"CVE-2019-18245","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"18245","Ordinal":"1","NoteData":"Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"18245","Ordinal":"2","NoteData":"2019-12-11","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"18245","Ordinal":"3","NoteData":"2019-12-11","Type":"Other","Title":"Modified"}]}}}