HIGH🇬🇧 English

CVE-2021-42797

CVSS 7.5v3.1pub. 2023-12-16upd. 2024-11-21

Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Aveva Edge

    APP
    Aveva
    2020< 2020
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2021-42796CRITICAL9.8PL ✓ten sam produkt

AVEVA Edge: nieuwierzytelnione zdalne wykonanie poleceń (RCE) w ExecuteCommand()

CVE-2018-17914CRITICAL9.8ten sam produkt

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) version...

CVE-2018-17916CRITICAL9.8ten sam produkt

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) version...

CVE-2023-33873HIGH7.8ten sam produkt

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standar...

CVE-2021-42794MEDIUM5.3ten sam produkt

An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application...