8.4
CVE-2021-27285
- EPSS 0.35%
- Veröffentlicht 06.01.2025 22:15:07
- Zuletzt bearbeitet 05.09.2025 14:10:52
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Inspur ≫ Clusterengine Version4.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.263 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
https://github.com/fjh1997/CVE-2021-27285