>

CVE-2026-5310

low

A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity. The exploitability is said to be difficult. The exploit is publicly available and might be used. Upgrading to version 8.7.4 will fix this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

2.5
cvss low
common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.
epss -
exploitation prediction scoring system. probability this vulnerability will be exploited in the wild in the next 30 days.
kev no
cisa known exploited vulnerabilities catalog. confirmed active exploitation.
CVSS 3.1 Common Vulnerability Scoring System v3.1
2.5 / 10
LOW
exploitability
Attack Vector
Local
Attack Vector (AV:L): requires local access. attacker must have shell access or physical login.
Attack Complexity
High
Attack Complexity (AC:H): exploitation requires specific conditions outside the attacker's control (race condition, non-default config, etc).
Privileges Required
Low
Privileges Required (PR:L): requires basic user-level access.
User Interaction
None
User Interaction (UI:N): no victim action needed. fully exploitable without user interaction.
impact
Scope
Unchanged
Scope (S:U): impact limited to the vulnerable component.
Confidentiality
Low
Confidentiality (C:L): limited data exposure. some restricted information can be read.
Integrity
None
Integrity (I:N): no integrity impact.
Availability
None
Availability (A:N): no availability impact.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 4.0 Common Vulnerability Scoring System v4.0
2.0 / 10
LOW
exploitability
Attack Vector
Local
Attack Vector (AV:L): requires local access. attacker must have shell access or physical login.
Attack Complexity
High
Attack Complexity (AC:H): exploitation requires specific conditions outside the attacker's control (race condition, non-default config, etc).
Attack Requirements
None
Attack Requirements (AT:N): no special deployment or execution conditions needed.
Privileges Required
Low
Privileges Required (PR:L): requires basic user-level access.
User Interaction
None
User Interaction (UI:N): no victim action needed. fully exploitable without user interaction.
vulnerable system impact
Vuln Confidentiality
Low
Confidentiality (VC:L): limited data exposure. some restricted information can be read.
Vuln Integrity
None
Integrity (VI:N): no integrity impact.
Vuln Availability
None
Availability (VA:N): no availability impact.
subsequent system impact
Sub Confidentiality
None
Subsequent Confidentiality: impact on data confidentiality of downstream/connected systems. Value: N (None)
Sub Integrity
None
Subsequent Integrity: impact on data integrity of downstream/connected systems. Value: N (None)
Sub Availability
None
Subsequent Availability: impact on service availability of downstream/connected systems. Value: N (None)
supplemental
exploit maturity: poc Exploit Maturity: has a functional exploit been observed? Attacked = actively exploited. PoC = proof-of-concept exists. Unreported = no known exploit.
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
exploit detect attrib advisory media timeline
exploitation detection attribution advisories media timeline
rdintel assessment
10 threat composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.

sign in to view full intelligence

pocs, detection rules, timeline, advisories, and more

sign in create account