📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global vulnerability Information Technology CRITICAL 1h Global phishing Multiple Sectors HIGH 1h Global vulnerability Technology/Software HIGH 2h Global general Multiple sectors MEDIUM 4h Global phishing Telecommunications and Financial Services HIGH 4h Global data_breach Utilities and Critical Infrastructure HIGH 20h Global vulnerability Technology/Software MEDIUM 1d Global malware Multiple sectors (general) HIGH 1d Global apt Government CRITICAL 2d Global apt Critical Infrastructure / Nuclear Energy CRITICAL 2d Global vulnerability Information Technology CRITICAL 1h Global phishing Multiple Sectors HIGH 1h Global vulnerability Technology/Software HIGH 2h Global general Multiple sectors MEDIUM 4h Global phishing Telecommunications and Financial Services HIGH 4h Global data_breach Utilities and Critical Infrastructure HIGH 20h Global vulnerability Technology/Software MEDIUM 1d Global malware Multiple sectors (general) HIGH 1d Global apt Government CRITICAL 2d Global apt Critical Infrastructure / Nuclear Energy CRITICAL 2d Global vulnerability Information Technology CRITICAL 1h Global phishing Multiple Sectors HIGH 1h Global vulnerability Technology/Software HIGH 2h Global general Multiple sectors MEDIUM 4h Global phishing Telecommunications and Financial Services HIGH 4h Global data_breach Utilities and Critical Infrastructure HIGH 20h Global vulnerability Technology/Software MEDIUM 1d Global malware Multiple sectors (general) HIGH 1d Global apt Government CRITICAL 2d Global apt Critical Infrastructure / Nuclear Energy CRITICAL 2d
Vulnerabilities

CVE-2022-50904

High
Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquo
CWE-428 — Weakness Type
Published: Jan 13, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3
8.4
🔗 NVD Official
📄 Description (English)

Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup.

🤖 AI Executive Summary

Wondershare UBackit 2.0.5 contains a critical unquoted service path vulnerability (CVE-2022-50904) allowing local attackers to execute arbitrary code with SYSTEM privileges. The wsbackup service fails to properly quote its executable path, enabling privilege escalation attacks. This vulnerability affects organizations using UBackit for backup operations and poses significant risk to data confidentiality and system integrity.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 24, 2026 16:04
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations in banking, government, and healthcare sectors that utilize Wondershare UBackit for backup and disaster recovery operations. Financial institutions under SAMA oversight and government agencies under NCA jurisdiction face elevated risk of unauthorized system access and data exfiltration. Energy sector organizations (ARAMCO, utilities) and telecommunications providers (STC, Mobily) managing critical infrastructure backups are particularly vulnerable. The privilege escalation capability enables attackers to bypass security controls and access sensitive operational data.
🏢 Affected Saudi Sectors
Banking and Financial Services Government and Public Administration Healthcare and Medical Services Energy and Utilities Telecommunications Oil and Gas Critical Infrastructure
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:

1. Identify all systems running Wondershare UBackit 2.0.5 across your organization

2. Restrict local access to systems running the vulnerable version through access controls

3. Monitor wsbackup service for suspicious activity and unexpected process spawning



PATCHING:

1. Upgrade Wondershare UBackit to version 2.0.6 or later immediately

2. Verify patch installation by checking service path configuration in Windows Registry (HKLM\SYSTEM\CurrentControlSet\Services\wsbackup)

3. Restart the wsbackup service after patching



COMPENSATING CONTROLS (if immediate patching not possible):

1. Disable or remove Wondershare UBackit if not actively required

2. Implement strict file system permissions on the installation directory

3. Use AppLocker or Windows Defender Application Control to restrict executable execution from the UBackit directory

4. Implement privileged access management (PAM) to monitor and control service account activities



DETECTION:

1. Monitor Event Viewer for Service Control Manager events (Event ID 7045) related to wsbackup

2. Implement file integrity monitoring on C:\Program Files\Wondershare\UBackit\ directory

3. Alert on any process execution from unexpected paths with SYSTEM privileges

4. Monitor registry modifications to HKLM\SYSTEM\CurrentControlSet\Services\wsbackup
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تعمل بـ Wondershare UBackit 2.0.5 في المنظمة

2. تقييد الوصول المحلي للأنظمة التي تعمل بالإصدار الضعيف من خلال عناصر التحكم في الوصول

3. مراقبة خدمة wsbackup للنشاط المريب وتوليد العمليات غير المتوقعة



تطبيق التصحيحات:

1. ترقية Wondershare UBackit إلى الإصدار 2.0.6 أو أحدث فوراً

2. التحقق من تثبيت التصحيح بفحص تكوين مسار الخدمة في سجل Windows (HKLM\SYSTEM\CurrentControlSet\Services\wsbackup)

3. إعادة تشغيل خدمة wsbackup بعد التصحيح



عناصر التحكم البديلة (إذا لم يكن التصحيح الفوري ممكناً):

1. تعطيل أو إزالة Wondershare UBackit إذا لم تكن مطلوبة بنشاط

2. تطبيق أذونات نظام الملفات الصارمة على دليل التثبيت

3. استخدام AppLocker أو Windows Defender Application Control لتقييد تنفيذ الملفات القابلة للتنفيذ من دليل UBackit

4. تطبيق إدارة الوصول المميز (PAM) لمراقبة والتحكم في أنشطة حسابات الخدمة



الكشف:

1. مراقبة Event Viewer لأحداث Service Control Manager (Event ID 7045) المتعلقة بـ wsbackup

2. تطبيق مراقبة سلامة الملفات على دليل C:\Program Files\Wondershare\UBackit\

3. تنبيه عند تنفيذ أي عملية من مسارات غير متوقعة بامتيازات SYSTEM

4. مراقبة تعديلات السجل على HKLM\SYSTEM\CurrentControlSet\Services\wsbackup
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Policies and procedures for access control A.5.2.1 - User registration and de-registration A.5.3.1 - Access rights review A.8.1.1 - Information security awareness and training A.12.2.1 - Change management procedures A.12.6.1 - Management of technical vulnerabilities
🔵 SAMA CSF
ID.AM-2 - Software inventory and management PR.AC-1 - Access control policy and procedures PR.PT-2 - Removable media protection DE.CM-3 - Personnel activity monitoring RS.MI-2 - Incident response and management
🟡 ISO 27001:2022
A.5.1.1 - Policies for information security A.6.1.1 - Information security roles and responsibilities A.8.1.1 - Awareness and training A.12.2.1 - Change management A.12.6.1 - Management of technical vulnerabilities A.14.2.1 - Secure development policy
🟣 PCI DSS v4.0
Requirement 2.2 - Configuration standards for system components Requirement 6.2 - Security patches and updates Requirement 11.2 - Vulnerability scanning
📊 CVSS Score
8.4
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorL — Low / Local
Attack ComplexityL — Low / Local
Privileges RequiredN — None / Network
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityH — High
IntegrityH — High
AvailabilityH — High
📋 Quick Facts
Severity High
CVSS Score8.4
CWECWE-428
EPSS0.02%
Exploit No
Patch ✓ Yes
Published 2026-01-13
Source Feed nvd
Views 4
🇸🇦 Saudi Risk Score
8.2
/ 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-428
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.