Lucene search

[email protected]CVE-2021-43458

HistoryApr 04, 2022 - 3:15 p.m.

CVE-2021-43458

2022-04-0415:15:09

CWE-428

[email protected]

web.nvd.nist.gov

cve

2021

43458

unquoted service path

vembu bdr 4.2.0.1

hsflowd

vembubdr360agent

vembuoffice365agent

vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.6%

JSON

An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.

Affected configurations

NVD

Node

vembubdr_suiteMatch4.2.0.1update1

CPENameOperatorVersion
vembu:bdr_suitevembu bdr suiteeq4.2.0.1

CPE	Name	Operator	Version
vembu:bdr_suite	vembu bdr suite	eq	4.2.0.1

References

exchange.xforce.ibmcloud.com/vulnerabilities/198151

github.com/M507/Miner

www.exploit-db.com/exploits/49641

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.6%

JSON

Related for CVE-2021-43458

nvd1 cvelist1 prion1 openvas1