Vulnerability Details CVE-2021-42338
4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2021-42338
-
cpe:2.3:a:4mosan:gcb_doctor:-
-
cpe:2.3:a:4mosan:gcb_doctor:2021-08-11
-
cpe:2.3:a:4mosan:gcb_doctor:2021-09-16