CVE-2016-5087

MEDIUM

Alertus Desktop Notification For OS X < 2.9.30.1700 - Access Control

Title source: rule

Description

Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations.

References (2)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/302544

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/BLUU-A9TJHR

Scores

CVSS v3 4.4

EPSS 0.0022

EPSS Percentile 44.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Classification

CWE

CWE-264

Status draft

Affected Products (1)

alertus/alertus_desktop_notification_for_os_x < 2.9.30.1700

Timeline

Published Jun 26, 2016

Tracked Since Feb 18, 2026