Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00113Percentile:
0.30828
CVSS Scoring
CVSS v3.1 Score: 3.3
Severity: LOW
Mapped CWE(s)
CWE-667
: Improper Locking
All CAPEC(s)
CAPEC-25 : Forced Deadlock
CAPEC-26 : Leveraging Race Conditions
CAPEC-27 : Leveraging Race Conditions via Symbolic Links
CAPEC(s) with Mapped TTPs
CAPEC-25 : Forced Deadlock
Mapped TTPs:
T1499.004
: Application or System Exploitation
Mapped ATT&CK TTPs
T1499.004
: Application or System Exploitation
Kill Chain: impact
Malware
APTs Threat Group Associations
Campaigns
Affected Products
cpe:2.3:a:heysoft:eventsave:5.1:*:*:*:*:*:*:*
cpe:2.3:a:heysoft:eventsave:5.2:*:*:*:*:*:*:*
cpe:2.3:a:heysoft:eventsave\+:5.1:*:*:*:*:*:*:*
cpe:2.3:a:heysoft:eventsave\+:5.2:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me