CVE-2021-28250

Published: Mar 26, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Affected (1)

Products: Ca: Ehealth Performance Manager

1 product

Ehealth Performance Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ca Ehealth Performance Manager	Up to 6.3.2.12

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://n4nj0.github.io/advisories/ca-ehealth-performance-manager/

Source: cve@mitre.org

ExploitThird Party Advisory

https://n4nj0.github.io/advisories/ca-ehealth-performance-manager/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.