Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2021-28154 | First vendor Publication | 2021-03-11 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 9.1 | ||
| Base Score | 9.1 | Environmental Score | 9.1 |
| impact SubScore | 5.2 | Temporal Score | 9.1 |
| Exploitabality Sub Score | 3.9 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 6.4 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured the app is that it does not allow any remote scripts to be opened, no unsafe scripts to be evaluated, no remote sites to be browsed. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28154 |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 13:54:52 |
|
| 2024-08-04 05:27:49 |
|
| 2024-05-17 09:28:21 |
|
| 2024-05-14 21:28:07 |
|
| 2024-04-11 09:28:23 |
|
| 2024-03-21 09:28:25 |
|
| 2023-11-07 21:35:28 |
|
| 2021-03-26 17:22:57 |
|
| 2021-03-26 12:38:38 |
|
