CVE-2021-41382

EUVD-2021-28410
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
plasticscmplastic_scm
𝑥
< 10.0.16.5622
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/164531/Plastic-SCM-10.0.16.5622-Improper-Access-Control.html
http://packetstormsecurity.com/files/164531/Plastic-SCM-10.0.16.5622-Insecure-Direct-Object-Reference.html
https://www.plasticscm.com/download/releasenotes/10.0.16.5622
http://packetstormsecurity.com/files/164531/Plastic-SCM-10.0.16.5622-Improper-Access-Control.html
http://packetstormsecurity.com/files/164531/Plastic-SCM-10.0.16.5622-Insecure-Direct-Object-Reference.html
https://www.plasticscm.com/download/releasenotes/10.0.16.5622