Vulnerability Details CVE-2021-38469
Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.1%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 4.3
References
Products affected by CVE-2021-38469
-
cpe:2.3:a:auvesy:versiondog:4.0.0
-
cpe:2.3:a:auvesy:versiondog:4.5.0
-
cpe:2.3:a:auvesy:versiondog:5.0.0
-
cpe:2.3:a:auvesy:versiondog:5.5.0
-
cpe:2.3:a:auvesy:versiondog:6.0.0
-
cpe:2.3:a:auvesy:versiondog:6.5.0
-
cpe:2.3:a:auvesy:versiondog:6.5.1
-
cpe:2.3:a:auvesy:versiondog:6.5.2
-
cpe:2.3:a:auvesy:versiondog:7.0.0
-
cpe:2.3:a:auvesy:versiondog:7.0.1
-
cpe:2.3:a:auvesy:versiondog:7.0.2
-
cpe:2.3:a:auvesy:versiondog:7.5.0