CVE-2021-28271

Description:
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary of choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for the 'Everyone' and 'Authenticated Users' groups.

CWE: CWE-276 CWE-78

CVSS score
CVSS 2: MEDIUM – 6.5 (Version: 2.0)
CVSS 3: HIGH – 8.8 (Version: 3.1)

Links:

NVD – CVE-2021-28271
CVE – CVE-2021-28271

Link (max. 20) Source Tags
Exploit Database EXPLOIT-DB Exploit Third Party Advisory VDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php MISC Exploit Third Party Advisory VDB Entry
https://www.zeroscience.mk/en/vulnerabilities MISC Exploit Third Party Advisory VDB Entry
[oss-security] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI MLIST Mailing List Patch Third Party Advisory
[ofbiz-dev] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI MLIST Mailing List Vendor Advisory Vendor Advisory
[ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07 MLIST Mailing List Patch Vendor Advisory
[announce] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI MLIST Mailing List Vendor Advisory Vendor Advisory
[announce] 20210427 [CVE-2021-30128] Unsafe deserialization in OFBiz MLIST Mailing List Mitigation Vendor Advisory

Source: NVD – CVE-2021-28271
Publication date: 2021-04-27T13:15Z, Last modified: 2021-05-07T16:18Z