Lucene search

TR-CERTCVE-2021-3855

HistoryMar 01, 2023 - 8:15 a.m.

CVE-2021-3855

2023-03-0108:15:10

CWE-77

TR-CERT

web.nvd.nist.gov

cve-2021-3855

command injection

liman central management system

vulnerability

security

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

38.4%

JSON

Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.

Affected configurations

Nvd

Node

limanport_mysRange1.7.0–1.8.3-462

VendorProductVersionCPE
limanport_mys*cpe:2.3:a:liman:port_mys:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
liman	port_mys	*	cpe:2.3:a:liman:port_mys::::::::

CNA Affected

[
  {
    "collectionURL": "https://github.com/limanmys",
    "defaultStatus": "unaffected",
    "modules": [
      "HTTP/Controllers",
      "CronMail",
      "Jobs"
    ],
    "packageName": "Liman MYS",
    "product": "Liman Central Management System",
    "repo": "https://github.com/limanmys",
    "vendor": "Liman Central Management System",
    "versions": [
      {
        "lessThan": "1.8.3-462",
        "status": "affected",
        "version": "1.7.0",
        "versionType": "custom"
      }
    ]
  }
]

References

docs.liman.dev/baslangic/guvenlik

www.usom.gov.tr/bildirim/tr-23-0109

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

38.4%

JSON

Related for CVE-2021-3855