CVE-2021-38696

EUVD-2021-25135
SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to access signature files on the application without any authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
softvibesaraban
1.1
𝑥
= Vulnerable software versions
References
http://www.infoma.net/index.php/saraban/
https://orangeo.tech/post/2021/12/24/First-CVEs.html
https://play.google.com/store/apps/details?id=th.co.softvibe.saraban&hl=en&gl=US
https://sawatdee.github.io/post/2021/12/24/First-CVEs.html
http://www.infoma.net/index.php/saraban/
https://orangeo.tech/post/2021/12/24/First-CVEs.html
https://play.google.com/store/apps/details?id=th.co.softvibe.saraban&hl=en&gl=US
https://sawatdee.github.io/post/2021/12/24/First-CVEs.html