CVE-2021-27198

🗓️ 26 Feb 2021 22:53:27Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 137 Views🌐 WEB

Visualware MyConnection Server before v11.1a Unauthenticated Remote Code Executio

Reporter	Title	Published	Views	Family All 11
0day.today	VisualWare MyConnection Server 11.x Remote Code Execution Vulnerability	26 Feb 202100:00	–	zdt
Circl	CVE-2021-27198	25 Oct 202316:58	–	circl
CNNVD	Visualware MyConnection Server 代码问题漏洞	26 Feb 202100:00	–	cnnvd
CNVD	Visualware MyConnection Server File Upload Vulnerability	2 Mar 202100:00	–	cnvd
Cvelist	CVE-2021-27198	26 Feb 202122:53	–	cvelist
NVD	CVE-2021-27198	26 Feb 202123:15	–	nvd
OSV	CVE-2021-27198	26 Feb 202123:15	–	osv
Packet Storm	VisualWare MyConnection Server 11.x Remote Code Execution	26 Feb 202100:00	–	packetstorm
Prion	Remote code execution	26 Feb 202123:15	–	prion
Positive Technologies	PT-2021-17317 · Visualware · Visualware Myconnection Server	26 Feb 202100:00	–	ptsecurity

NVD

Node

Source	Link
myconnectionserver	www.myconnectionserver.visualware.com/support/newrelease.html
packetstormsecurity	www.packetstormsecurity.com/files/161571/VisualWare-MyConnection-Server-11.x-Remote-Code-Execution.html
securifera	www.securifera.com/advisories/cve-2021-27198/
myconnectionserver	www.myconnectionserver.visualware.com/download.html
seclists	www.seclists.org/fulldisclosure/2021/Feb/81

Parameter	Position	Path	Description	CWE
filename	request body	/myspeed/sf	Unauthenticated arbitrary file upload leading to remote code execution via POST to /myspeed/sf	CWE-434
file	request body	/myspeed/sf	Unauthenticated arbitrary file upload leading to remote code execution via POST to /myspeed/sf	CWE-434

21 Nov 2024 05:57Current

9.7High risk

Vulners AI Score9.7

CVSS 3.19.8

CVSS 210

EPSS0.14154