Vulnerability Description
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Soyal | 701Clientsql | >= 10.0, < 10.2 |
| Soyal | 701Server | <= 9.0.2 |
| Soyal | 701Serversql | >= 10.0, < 10.2 |
Related Weaknesses (CWE)
References
- https://www.exploit-db.com/exploits/49678ExploitThird Party AdvisoryVDB Entry
- https://www.zeroscience.mk/en/vulnerabilitiesExploitThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.phpExploitThird Party Advisory
- https://www.exploit-db.com/exploits/49678ExploitThird Party AdvisoryVDB Entry
- https://www.zeroscience.mk/en/vulnerabilitiesExploitThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.phpExploitThird Party Advisory
FAQ
What is CVE-2021-28271?
CVE-2021-28271 is a vulnerability with a CVSS score of 8.8 (HIGH). Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulner...
How severe is CVE-2021-28271?
CVE-2021-28271 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-28271?
Check the references section above for vendor advisories and patch information. Affected products include: Soyal 701Clientsql, Soyal 701Server, Soyal 701Serversql.