Lucene search

TR-CERTCVELIST:CVE-2021-3855

HistoryFeb 24, 2023 - 1:02 p.m.

CVE-2021-3855 Command Injection in Liman Central Management System

2023-02-2413:02:08

CWE-77

TR-CERT

www.cve.org

cve-2021-3855

command injection

liman central management system.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

38.4%

JSON

Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.

CNA Affected

[
  {
    "collectionURL": "https://github.com/limanmys",
    "defaultStatus": "unaffected",
    "modules": [
      "HTTP/Controllers",
      "CronMail",
      "Jobs"
    ],
    "packageName": "Liman MYS",
    "product": "Liman Central Management System",
    "repo": "https://github.com/limanmys",
    "vendor": "Liman Central Management System",
    "versions": [
      {
        "lessThan": "1.8.3-462",
        "status": "affected",
        "version": "1.7.0",
        "versionType": "custom"
      }
    ]
  }
]

References

docs.liman.dev/baslangic/guvenlik

www.usom.gov.tr/bildirim/tr-23-0109

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

38.4%

JSON

Related for CVELIST:CVE-2021-3855