cvedb.io
CVE-2022-34866
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2022-07-20T07:15:09.113 · Last modified 2026-06-17T04:51:03.897

Summary

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the product is running.

Affected products

yrl — passage_drive

Does this affect you?

Add your gear to cvedb and we'll alert you only when yrl ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.