Privilege Escalation in CA eHealth Performance Manager by CA Technologies
CVE-2021-28246
7.8HIGH
What is CVE-2021-28246?
The CA eHealth Performance Manager is subject to a privilege escalation vulnerability that allows an attacker to execute code as the ehealth user. This occurs through the creation of a malicious library within a writable RPATH, which is dynamically linked when the 'emtgtctl2' executable runs. It is particularly important to note that this issue affects products no longer supported by the vendor, potentially increasing the risk for organizations still utilizing these outdated versions.