CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-32937

HIGH
7.5
CVSS Severity Score
EPSS Score0.0260%
EPSS Percentile13.13th
Published2022年4月1日
Last Modified2024年11月21日

Vulnerability Description

An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated.

Affected Platforms (CPE)

📦
Auvesy Mdt

Autosave

< 6.02.06
📦
Auvesy Mdt

Autosave

>= 7.00 and <= 7.04
📦
Auvesy Mdt

Autosave For System Platform

< 4.01
📦
Auvesy Mdt

Autosave For System Platform

= 5.00

References & Advisories

🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02
🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02

関連する脆弱性情報

CVE-2021-3293310.0

An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in M...

CVE-2021-329539.8

An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissi...

CVE-2020-369177.5

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to i...

CVE-2021-333237.5

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix ...