CVE-2019-6333

MEDIUM

Touchpoint Analytics < 4.1.4.2827 - Uncontrolled Search Path

Title source: rule

Description

A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service.

References (2)

[Various Sources] https://safebreach.com/Post/HP-Touchpoint-Analytics-DLL-Search-Order-Hijacking-Potential-Abuses-CVE-2019-6333

[Vendor Advisory] https://support.hp.com/us-en/document/c06463166

Scores

CVSS v3 6.7

EPSS 0.0007

EPSS Percentile 20.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

hp/touchpoint_analytics < 4.1.4.2827

Timeline

Published Oct 11, 2019

Tracked Since Feb 18, 2026