Vulnerability Description
SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows attackers to upload files with any file extension which can lead to arbitrary code execution.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Softvibe | Saraban | 1.1 |
Related Weaknesses (CWE)
References
- http://www.infoma.net/index.php/saraban/Product
- https://orangeo.tech/post/2021/12/24/First-CVEs.htmlExploitThird Party AdvisoryURL Repurposed
- https://play.google.com/store/apps/details?id=th.co.softvibe.saraban&hl=en&gl=USProduct
- https://sawatdee.github.io/post/2021/12/24/First-CVEs.htmlExploitThird Party Advisory
- http://www.infoma.net/index.php/saraban/Product
- https://orangeo.tech/post/2021/12/24/First-CVEs.htmlExploitThird Party AdvisoryURL Repurposed
- https://play.google.com/store/apps/details?id=th.co.softvibe.saraban&hl=en&gl=USProduct
- https://sawatdee.github.io/post/2021/12/24/First-CVEs.htmlExploitThird Party Advisory
FAQ
What is CVE-2021-38697?
CVE-2021-38697 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows attackers to upload files with any file extension which can lead to arbitrary code execution.
How severe is CVE-2021-38697?
CVE-2021-38697 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-38697?
Check the references section above for vendor advisories and patch information. Affected products include: Softvibe Saraban.