Vulnerability Description
AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Monitorapp | Application Insight Manager | >= b107, < b115 |
| Monitorapp | Application Insight Web Application Firewall | - |
Related Weaknesses (CWE)
References
- https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0022/ (Third Party Advisory)
- https://github.com/monitorapp-aicc/report/wiki/CVE-2021-36982 (Third Party Advisory)
- https://www.monitorapp.com/waf/ (Product, Vendor Advisory)
FAQ
What is CVE-2021-36982?
CVE-2021-36982 is a vulnerability with a CVSS score of 8.1 (HIGH). AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parame...
How severe is CVE-2021-36982?
CVE-2021-36982 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-36982?
Check the references section above for vendor advisories and patch information. Affected products include: Monitorapp Application Insight Manager, Monitorapp Application Insight Web Application Firewall.