Auvesy Mdt

auvesy-mdt

7 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Autosave For System Platform

autosave_for_system_platform

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-32961 1Auvesy Mdt 2Autosave Autosave For System Platform Nov 21, 2024 Apr 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip com...Show more A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities.Show less
CVE-2021-32957 1Auvesy Mdt 2Autosave Autosave For System Platform Nov 21, 2024 Apr 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML....Show more A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking.Show less
CVE-2021-32953 1Auvesy Mdt 2Autosave Autosave For System Platform Nov 21, 2024 Apr 1, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login.
CVE-2021-32949 1Auvesy Mdt 2Autosave Autosave For System Platform Nov 21, 2024 Apr 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a ma...Show more An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file.Show less
CVE-2021-32945 1Auvesy Mdt 2Autosave Autosave For System Platform Nov 21, 2024 Apr 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06.
CVE-2021-32937 1Auvesy Mdt 2Autosave Autosave For System Platform Nov 21, 2024 Apr 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malici...Show more An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated.Show less
CVE-2021-32933 1Auvesy Mdt 2Autosave Autosave For System Platform Nov 21, 2024 Apr 1, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be...Show more An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process.Show less