Security Vulnerabilities - CVEs Published In July 2021
SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed.
CVSS Score
5.7
EPSS Score
0.001
Published
2021-07-13
SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed.
CVSS Score
5.7
EPSS Score
0.001
Published
2021-07-13
SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed.
CVSS Score
5.7
EPSS Score
0.001
Published
2021-07-13
SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies.
CVSS Score
3.5
EPSS Score
0.001
Published
2021-07-13
Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-07-13
Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-07-13
An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remote input from an authenticated user, leading to the ability for arbitrary files to be written to arbitrary filesystem locations via ../ Directory Traversal on the Z: drive (a hard-coded drive letter where ShareCare application files reside) and remote code execution as the ShareCare service user (NT AUTHORITY\SYSTEM).
CVSS Score
8.8
EPSS Score
0.017
Published
2021-07-13
An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParse_Sup/UnzipFile_Upd.cfm is susceptible to a command argument injection vulnerability when processing remote input in the zippass parameter from an authenticated user, leading to the ability to inject arbitrary arguments to 7z.exe.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-07-13
An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on the server filesystems as well any files accessible via Universal Naming Convention (UNC) paths.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-07-13
An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-07-13