Lucene search

CrafterCVELIST:CVE-2021-23267

HistoryMay 16, 2022 - 5:05 p.m.

CVE-2021-23267 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

2022-05-1617:05:25

CWE-913

crafter

www.cve.org

crafter studio

crafter cms

os commands

freemarker static methods

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.

CNA Affected

[
  {
    "product": "Crafter CMS",
    "vendor": "Crafter Software",
    "versions": [
      {
        "lessThanOrEqual": "3.1.17",
        "status": "affected",
        "version": "3.1",
        "versionType": "custom"
      }
    ]
  }
]

References

docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051603

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Related for CVELIST:CVE-2021-23267