Vulnerability Details CVE-2017-20021
A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 7.5
References
Products affected by CVE-2017-20021
-
cpe:2.3:h:solar-log:solar-log_1000:-
-
cpe:2.3:h:solar-log:solar-log_1000_pm+:-
-
cpe:2.3:h:solar-log:solar-log_1200:-
-
cpe:2.3:h:solar-log:solar-log_2000:-
-
cpe:2.3:h:solar-log:solar-log_250:-
-
cpe:2.3:h:solar-log:solar-log_300:-
-
cpe:2.3:h:solar-log:solar-log_500:-
-
cpe:2.3:h:solar-log:solar-log_800e:-
-
cpe:2.3:o:solar-log:solar-log_1000_firmware:2.8.4-56
-
cpe:2.3:o:solar-log:solar-log_1000_firmware:3.5.2-85
-
cpe:2.3:o:solar-log:solar-log_1000_pm+_firmware:2.8.4-56
-
cpe:2.3:o:solar-log:solar-log_1000_pm+_firmware:3.5.2-85
-
cpe:2.3:o:solar-log:solar-log_1200_firmware:2.8.4-56
-
cpe:2.3:o:solar-log:solar-log_1200_firmware:3.5.2-85
-
cpe:2.3:o:solar-log:solar-log_2000_firmware:2.8.4-56
-
cpe:2.3:o:solar-log:solar-log_2000_firmware:3.5.2-85
-
cpe:2.3:o:solar-log:solar-log_250_firmware:2.8.4-56
-
cpe:2.3:o:solar-log:solar-log_250_firmware:3.5.2-85
-
cpe:2.3:o:solar-log:solar-log_300_firmware:2.8.4-56
-
cpe:2.3:o:solar-log:solar-log_300_firmware:3.5.2-85
-
cpe:2.3:o:solar-log:solar-log_500_firmware:2.8.4-56
-
cpe:2.3:o:solar-log:solar-log_500_firmware:3.5.2-85
-
cpe:2.3:o:solar-log:solar-log_800e_firmware:2.8.4-56
-
cpe:2.3:o:solar-log:solar-log_800e_firmware:3.5.2-85