Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.5
CVE-2021-47974: VX Search 13.5.28 allows local attackers to escalate privileges
CVE-2021-47974
Summary
The VX Search Server and Enterprise services in VX Search 13.5.28 have a security weakness. This means that someone with access to the local machine can potentially gain elevated access to the system. To fix this, update to a newer version of VX Search that has this issue resolved.
Original title
VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place ...
Original description
VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories like C:\Program Files\VX Search to execute arbitrary code with LocalSystem privileges when services restart.
nvd CVSS3.1
7.8
nvd CVSS4.0
8.5
Vulnerability type
CWE-428
Published: 16 May 2026 · Updated: 23 May 2026 · First seen: 16 May 2026