Lucene search

INCIBECVELIST:CVE-2021-3832

HistoryOct 07, 2021 - 1:33 p.m.

CVE-2021-3832 Integria IMS Remote Code Execution

2021-10-0713:33:19

CWE-434

INCIBE

www.cve.org

integria ims

remote code execution

file uploading

asyncupload function

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.005

Percentile

75.9%

JSON

Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.

CNA Affected

[
  {
    "product": "Integria IMS",
    "vendor": "Ártica",
    "versions": [
      {
        "status": "affected",
        "version": "5.0.92"
      }
    ]
  }
]

References

integriaims.com/en/services/updates/

www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.005

Percentile

75.9%

JSON

Related for CVELIST:CVE-2021-3832