Fortra Digital Guardian Agent Uninstaller Cross Site Scripting / UninstallKey Cached

The uninstaller in Fortra Digital Guardian Agent versions prior to 7.9.4 suffers from a cross site scripting vulnerability. Additionally, the Agent Uninstaller handles sensitive data insecurely and caches the Uninstall key in memory. This key can be used to stop or uninstall the application. This allows a locally authenticated attacker with administrative privileges to disable the application temporarily or even remove the application from the system completely.

agent application cross site scripting data digital digital guardian fortra guardian key locally memory scripting sensitive sensitive data uninstall vulnerability