CVE-2021-28271

Sažetak

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.

Reference

https://www.exploit-db.com/exploits/49678
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php
https://www.zeroscience.mk/en/vulnerabilities

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

23-09-2021 - 14:27

Objavljeno

27-04-2021 - 13:15