CVE-2021-28271

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
soyal701clientsql
10.0 ≤
𝑥
< 10.2
soyal701server
𝑥
≤ 9.0.2
soyal701serversql
10.0 ≤
𝑥
< 10.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.exploit-db.com/exploits/49678
https://www.zeroscience.mk/en/vulnerabilities
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php
https://www.exploit-db.com/exploits/49678
https://www.zeroscience.mk/en/vulnerabilities
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php