CVE-2021-28271

Published: Apr 27, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.

Affected (3)

Products: Soyal: 701clientsql, 701server, 701serversql

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Soyal 701clientsql	From 10.0 to 10.2
Soyal 701server	Up to 9.0.2
Soyal 701serversql	From 10.0 to 10.2

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (6)

https://www.exploit-db.com/exploits/49678

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.zeroscience.mk/en/vulnerabilities

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/49678

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.zeroscience.mk/en/vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.