Lucene search

THA-PSIRTCVELIST:CVE-2021-42809

HistoryDec 20, 2021 - 8:19 p.m.

CVE-2021-42809 The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library

2021-12-2020:19:09

CWE-913

THA-PSIRT

www.cve.org

cve-2021-42809

thales sentinel protection installer

dll access control

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

30.8%

JSON

Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "Sentinel Protection Installer",
    "vendor": "Thales",
    "versions": [
      {
        "lessThanOrEqual": "7.7.0",
        "status": "affected",
        "version": "7.7.0",
        "versionType": "custom"
      }
    ]
  }
]

References

cpl.thalesgroup.com/fr/software-monetization/security-updates

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

30.8%

JSON

Related for CVELIST:CVE-2021-42809