Lucene search
TwcertCVELIST:CVE-2021-41976HistoryOct 08, 2021 - 12:00 a.m.
CVE-2021-41976 Tad Uploader - Improper Authorization
2021-10-0800:00:00
CWE-285
twcert
www.cve.org
1
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.5 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.8%
Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in.
CNA Affected
[
{
"product": "Uploader",
"vendor": "Tad",
"versions": [
{
"lessThanOrEqual": "3.5.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
cnvd
cnvd
Tad Uploader License Issue Vulnerability
2021-10-11 00:00:00
prion
prion
Authorization
2021-10-08 16:15:00
nvd
nvd
CVE-2021-41976
2021-10-08 16:15:08
cve
cve
CVE-2021-41976
2021-10-08 16:15:08
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.5 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.8%
Related for CVELIST:CVE-2021-41976