CVE-2021-42534

Опубликовано: 22 окт. 2021

Источник: nvd

CVSS3: 6.3

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsa-21-292-02
Third Party Advisory
US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-292-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:trane:tracer_sc_firmware:*:*:*:*:*:*:*:*

Версия до 3.8 (включая)

cpe:2.3:h:trane:tracer_sc:-:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00301

Низкий

6.3 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-mx7v-jfp8-4wr2

github

больше 3 лет назад

The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.

EPSS

Процентиль: 53%

0.00301

Низкий

6.3 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79