9.1
CVE-2021-38471
- EPSS 1.04%
- Veröffentlicht 22.10.2021 12:15:08
- Zuletzt bearbeitet 21.11.2024 06:17:11
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginAUVESY Versiondog
There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Auvesy ≫ Versiondog Version < 8.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.04% | 0.595 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|
| ics-cert@hq.dhs.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://us-cert.cisa.gov/ics/advisories/icsa-21-292-01