Lucene search

KrcertCVELIST:CVE-2021-26619

HistoryFeb 18, 2022 - 5:50 p.m.

CVE-2021-26619 BigFileAgent arbitrary file Deleting vulnerability

2022-02-1817:50:59

CWE-22

krcert

www.cve.org

path traversal

arbitrary file deletion

remote attackers

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

60.8%

JSON

An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent. Remote attackers can use this vulnerability to delete arbitrary files of unspecified number of users.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "BigFileAgent",
    "vendor": "Bluetree Co., Ltd",
    "versions": [
      {
        "lessThanOrEqual": "1.0.1.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36457

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

60.8%

JSON

Related for CVELIST:CVE-2021-26619