Vulnerability Details CVE-2021-36982
AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.8%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 9.3
References
- https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0022/FEYE-2021-0022.md
- https://github.com/monitorapp-aicc/report/wiki/CVE-2021-36982
- https://www.monitorapp.com/waf/
- https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0022/FEYE-2021-0022.md
- https://github.com/monitorapp-aicc/report/wiki/CVE-2021-36982
- https://www.monitorapp.com/waf/
Products affected by CVE-2021-36982
-
cpe:2.3:a:monitorapp:application_insight_manager:b107
-
cpe:2.3:a:monitorapp:application_insight_web_application_firewall:-