CVE-2021-45223

Опубликовано: 24 янв. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes.

Ссылки

https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview
Patch
Product
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-028.txt
Exploit
Third Party Advisory
https://www.syss.de/pentest-blog/multiple-schwachstellen-im-coins-construction-cloud-erp-syss-2021-028/-029/-030/-031/-051/-052/-053
Third Party Advisory
https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview
Patch
Product
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-028.txt
Exploit
Third Party Advisory
https://www.syss.de/pentest-blog/multiple-schwachstellen-im-coins-construction-cloud-erp-syss-2021-028/-029/-030/-031/-051/-052/-053
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:coins-global:coins_construction_cloud:11.12:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00537

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-frvx-4gh2-28f9