Vulnerability Details CVE-2021-28271
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://www.exploit-db.com/exploits/49678
- https://www.zeroscience.mk/en/vulnerabilities
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php
- https://www.exploit-db.com/exploits/49678
- https://www.zeroscience.mk/en/vulnerabilities
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php
Products affected by CVE-2021-28271
-
cpe:2.3:a:soyal:701clientsql:10.0
-
cpe:2.3:a:soyal:701server:8.0.6
-
cpe:2.3:a:soyal:701server:9.0.2
-
cpe:2.3:a:soyal:701serversql:10.0