CVE-2021-36982

Опубликовано: 12 авг. 2021

Источник: nvd

CVSS3: 8.1

CVSS2: 9.3

EPSS Низкий

Описание

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request.

Ссылки

https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0022/FEYE-2021-0022.md
Third Party Advisory
https://github.com/monitorapp-aicc/report/wiki/CVE-2021-36982
Third Party Advisory
https://www.monitorapp.com/waf/
Product
Vendor Advisory
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0022/FEYE-2021-0022.md
Third Party Advisory
https://github.com/monitorapp-aicc/report/wiki/CVE-2021-36982
Third Party Advisory
https://www.monitorapp.com/waf/
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:monitorapp:application_insight_manager:*:*:*:*:*:*:*:*

Версия от b107 (включая) до b115 (исключая)

cpe:2.3:a:monitorapp:application_insight_web_application_firewall:-:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00985

Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-3rv5-ggwr-m2p2

github

больше 3 лет назад