CVE-2021-42540

High

The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic…

icscert·CWE-123·Published 2021-10-22

CVSS

8.8

EPSS

0.01

KEV

Exploits

cve.orgen

193 chars

The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.

NVDen

193 chars

The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.

NVDes

235 chars

El producto afectado es vulnerable a una carpeta de extracción no saneada para la configuración del sistema. Un usuario con pocos privilegios puede aprovechar esta lógica para sobrescribir la configuración y otras funcionalidades clave

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.0	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.0	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	8.0	2.1	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H