CVE-2021-44035 — MEDIUM (4.4)

Vulnerability Description

Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wolterskluwer	Teammate Audit Management	12.4

References

https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-44035
https://excellium-services.com/cert-xlm-advisory/CVE-2021-44035Third Party Advisory
https://www.wolterskluwer.com/en/solutions/teammateProduct
https://excellium-services.com/cert-xlm-advisory/CVE-2021-44035Third Party Advisory
https://www.wolterskluwer.com/en/solutions/teammateProduct

FAQ

What is CVE-2021-44035?

CVE-2021-44035 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files.

How severe is CVE-2021-44035?

CVE-2021-44035 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-44035?

Check the references section above for vendor advisories and patch information. Affected products include: Wolterskluwer Teammate Audit Management.