Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-37195

Опубликовано: 11 янв. 2022
Источник: nvd
CVSS3: 6.1
CVSS2: 2.6
EPSS Низкий

Описание

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
Версия до 10.2 (включая)
cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
Версия от 10.3 (включая) до 10.3.3.2.14 (исключая)
cpe:2.3:a:siemens:comos:4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 54%
0.00317
Низкий

6.1 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-80
CWE-79

Связанные уязвимости

github логотип

GHSA-2w4f-8m3p-jrxr

CVSS3: 6.1
github
почти 4 года назад

A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment.

EPSS

Процентиль: 54%
0.00317
Низкий

6.1 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-80
CWE-79