CyberSec.Space Logo
Back to CVE Browser

CVE-2021-32953

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1250%
EPSS Percentile41.39th
PublishedApr 1, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login.

Affected Platforms (CPE)

📦
Auvesy Mdt

Autosave

< 6.02.06
📦
Auvesy Mdt

Autosave

>= 7.00 and <= 7.04
📦
Auvesy Mdt

Autosave For System Platform

< 4.01
📦
Auvesy Mdt

Autosave For System Platform

= 5.00

References & Advisories

🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02
🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02

Related Vulnerabilities

CVE-2021-3293310.0

An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in M...

CVE-2020-369177.5

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to i...

CVE-2021-333237.5

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix ...

CVE-2021-329377.5

An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSa...