9.3
CVE-2021-21956
- EPSS 1.27%
- Veröffentlicht 14.04.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 05:49:18
- Quelle talos-cna@cisco.com
- CVE-Watchlists
- Unerledigt
LoginA php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cloudlinux ≫ Imunify360 Version5.8
Cloudlinux ≫ Imunify360 Version5.9
Cloudlinux ≫ Imunify360 Version5.10.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.27% | 0.659 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| talos-cna@cisco.com | 8.2 | 1.8 | 5.8 |
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1383