CVE-2021-27198 — CRITICAL (9.8)

Q: How severe is CVE-2021-27198?

CVE-2021-27198 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-27198?

Check the references section above for vendor advisories and patch information. Affected products include: Visualware Myconnection Server.

Vulnerability Description

An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Visualware	Myconnection Server	< 11.1a

Related Weaknesses (CWE)

CWE-434

References

http://packetstormsecurity.com/files/161571/VisualWare-MyConnection-Server-11.x-Third Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2021/Feb/81Mailing ListThird Party Advisory
https://myconnectionserver.visualware.com/download.htmlProductVendor Advisory
https://myconnectionserver.visualware.com/support/newrelease.htmlRelease NotesVendor Advisory
https://www.securifera.com/advisories/cve-2021-27198/Third Party Advisory
http://packetstormsecurity.com/files/161571/VisualWare-MyConnection-Server-11.x-Third Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2021/Feb/81Mailing ListThird Party Advisory
https://myconnectionserver.visualware.com/download.htmlProductVendor Advisory
https://myconnectionserver.visualware.com/support/newrelease.htmlRelease NotesVendor Advisory
https://www.securifera.com/advisories/cve-2021-27198/Third Party Advisory

FAQ

What is CVE-2021-27198?

CVE-2021-27198 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= ...

How severe is CVE-2021-27198?

CVE-2021-27198 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-27198?

Check the references section above for vendor advisories and patch information. Affected products include: Visualware Myconnection Server.