CVE-2021-22000

VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on the Windows operating system having VMware ThinApp installed on it.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
vmwarethinapp
5.2 ≤
𝑥
< 5.2.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/163521/VMware-ThinApp-DLL-Hijacking.html
http://seclists.org/fulldisclosure/2021/Jul/35
https://www.vmware.com/security/advisories/VMSA-2021-0015.html
http://packetstormsecurity.com/files/163521/VMware-ThinApp-DLL-Hijacking.html
http://seclists.org/fulldisclosure/2021/Jul/35
https://www.vmware.com/security/advisories/VMSA-2021-0015.html