CVE-2021-20713

Published: May 24, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain administrative privileges via unspecified vectors. As a result, sensitive information may be altered/obtained or unintended operations may be performed.

Affected (3)

Products: Qualitysoft: Qnd

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Qualitysoft Qnd	Up to 11.0.4i
Qualitysoft Qnd	Up to 11.0.4i
Qualitysoft Qnd	Up to 11.0.4i

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://jvn.jp/en/jp/JVN74686032/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.qualitysoft.com/product/qnd_vulnerabilities_2021/

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN74686032/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.qualitysoft.com/product/qnd_vulnerabilities_2021/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.