CVE-2021-26908

Beschreibung:
Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization’s security program. The issue has since been fixed in version 31 of the Automox Agent.

CWE: CWE-532 CWE-312

CVSS-Bewertung
CVSS 2: LOW – 2.1 (Version: 2.0)
CVSS 3: LOW – 3.3 (Version: 3.1)

Links:

NVD – CVE-2021-26908
CVE – CVE-2021-26908

Link (max. 20) Quelle Tags
https://community.automox.com/t/cve-2021-26908-and-cve-201-26909-automox-agent-information-disclosure-vulnerabilities-fixed/1955 CONFIRM Vendor Advisory Third Party Advisory VDB Entry
https://www.rapid7.com/blog/post/2021/04/13/cve-2021-26908-and-cve-2021-26909-automox-agent-information-disclosure-fixed/ MISC Third Party Advisory Third Party Advisory
N/A CONFIRM Patch Third Party Advisory
N/A CONFIRM Patch Third Party Advisory
FEDORA-2021-e3d8833d36 FEDORA
FEDORA-2021-de850ed71e FEDORA
FEDORA-2021-88d24aa32b FEDORA
[oss-security] 20210509 [CVE-2021-22204] ExifTool – Arbitrary code execution in the DjVu module when parsing a malicious image MLIST
[oss-security] 20210510 Re: [CVE-2021-22204] ExifTool – Arbitrary code execution in the DjVu module when parsing a malicious image MLIST

Quelle: NVD – CVE-2021-26908
Datum Veröffentlichung: 2021-04-23T16:15Z, Datum letzte Änderung: 2021-05-05T19:16Z