CVE-2021-28271

{"id": "CVE-2021-28271", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-04-27T13:15:08.373", "references": [{"url": "https://www.exploit-db.com/exploits/49678", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/49678", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group."}, {"lang": "es", "value": "Soyal Technologies SOYAL versi\u00f3n 701Server 9.0.1, sufre de una vulnerabilidad de escalada de privilegios que puede ser usada por un usuario autenticado para cambiar el archivo ejecutable con una opci\u00f3n binaria. La vulnerabilidad es debido a permisos inapropiados con el flag \"F\" (Full) para el grupo \"Everyone\" y \"Authenticated Users\""}], "lastModified": "2024-11-21T05:59:24.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:soyal:701clientsql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D87218FA-E4CB-4013-936D-2E2EABE5A081", "versionEndExcluding": "10.2", "versionStartIncluding": "10.0"}, {"criteria": "cpe:2.3:a:soyal:701server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B852C725-1128-4D4D-B991-BA07AB1B9A8B", "versionEndIncluding": "9.0.2"}, {"criteria": "cpe:2.3:a:soyal:701serversql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59788149-3C92-4A5F-81AB-9F320ED4CD33", "versionEndExcluding": "10.2", "versionStartIncluding": "10.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}