CVE-2021-28271

EUVD-2021-14960
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
soyal701clientsql
10.0 ≤
𝑥
< 10.2
soyal701server
𝑥
≤ 9.0.2
soyal701serversql
10.0 ≤
𝑥
< 10.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.exploit-db.com/exploits/49678
https://www.zeroscience.mk/en/vulnerabilities
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php
https://www.exploit-db.com/exploits/49678
https://www.zeroscience.mk/en/vulnerabilities
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php