CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-27198

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1970%
EPSS Percentile40.15th
Published2021年2月26日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system.

Affected Platforms (CPE)

📦
Visualware

Myconnection Server

< 11.1a

References & Advisories

🔗 http://packetstormsecurity.com/files/161571/VisualWare-MyConnection-Server-11.x-Remote-Code-Execution.html
🔗 http://seclists.org/fulldisclosure/2021/Feb/81
🔗 https://myconnectionserver.visualware.com/download.html
🔗 https://myconnectionserver.visualware.com/support/newrelease.html
🔗 https://www.securifera.com/advisories/cve-2021-27198/
🔗 http://packetstormsecurity.com/files/161571/VisualWare-MyConnection-Server-11.x-Remote-Code-Execution.html
🔗 http://seclists.org/fulldisclosure/2021/Feb/81
🔗 https://myconnectionserver.visualware.com/download.html

相关漏洞威胁

CVE-2021-275097.5

In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code.

CVE-2014-51134.3

Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to i...

CVE-2015-20434.3

Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitr...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...