Vulnerability Description
PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. In this scenario, the compromised account may have inherited read access to sensitive configuration, database, and log files. The weakness is local-only: it does not give an unauthenticated attacker a way onto the server, but once a low-privilege account exists on the host it turns that foothold into access to the Enterprise Edition's data at rest.
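The practical check for this class of bug is to enumerate the ACLs on the H2 database, configuration and log files and look for allow entries granted to broad, low-privilege principals (Everyone, BUILTIN\Users, Authenticated Users). The script below is an added example written for this page, not PortSwigger's code; the data directory, the file patterns and the service account name are assumptions that must be adjusted for the real install, and the optional `-Fix` branch is a generic ACL hardening, not the vendor's fix (the vendor's fix is the 2021.11 release).

```powershell
# Added example (not PortSwigger's code): audit the ACLs on Burp Suite Enterprise
# data files for entries that hand read or write access to broad principals.
# $DataDir, $ServiceAccount and the file patterns are assumptions; set them to
# match the host being audited.
param(
    [string]$DataDir = 'C:\ProgramData\BurpSuiteEnterprise',    # assumed data directory
    [string]$ServiceAccount = 'NT SERVICE\BurpSuiteEnterprise', # assumed service identity
    [switch]$Fix
)

# Principals that should never hold an allow ACE on the database, config or logs.
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# FullControl, Modify and ReadAndExecute all contain the ReadData bit, so a
# bitwise test against ReadData catches every right that allows reading.
$ReadMask  = [System.Security.AccessControl.FileSystemRights]::ReadData
$WriteMask = [System.Security.AccessControl.FileSystemRights]::WriteData -bor
             [System.Security.AccessControl.FileSystemRights]::Delete

function Find-WeakAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if ($BroadPrincipals -contains $id) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited ACEs point at the parent directory's ACL
                Read      = (($ace.FileSystemRights -band $ReadMask)  -ne 0)
                Write     = (($ace.FileSystemRights -band $WriteMask) -ne 0)
            }
        }
    }
}

# H2 stores its data in *.mv.db (or *.h2.db on older engines) plus *.trace.db;
# the CVE text also names configuration and log files, hence the extra patterns.
$targets = Get-ChildItem -Path $DataDir -Recurse -File `
    -Include '*.mv.db', '*.h2.db', '*.trace.db', '*.properties', '*.log' `
    -ErrorAction SilentlyContinue

$findings = foreach ($f in $targets) { Find-WeakAce -Path $f.FullName }
$findings | Format-Table -AutoSize

if ($Fix -and $findings) {
    foreach ($f in $targets) {
        # Break inheritance, discard every existing ACE, then grant only SYSTEM,
        # local Administrators and the service account that actually opens the files.
        icacls $f.FullName /inheritance:r /grant:r `
            'SYSTEM:(F)' 'BUILTIN\Administrators:(F)' "${ServiceAccount}:(M)" | Out-Null
    }
}
```

Run it first without `-Fix` from an elevated prompt and read the `Inherited` column: an inherited ACE means the directory ACL, not the file, is the real problem, and re-applying permissions per file will not stop new database segments or log rotations from picking up the weak entries again. Confirm the service identity before using `-Fix`; granting the wrong account leaves the server unable to open its own database.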
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PortSwigger | Burp Suite Enterprise Edition | < 2021.11 (Windows installs) |
| Microsoft | Windows | - (affected platform, not a patched product) |
Related Weaknesses (CWE)
References
- https://portswigger.net/burp/releases/enterprise-edition-2021-11?requestededitio (Release Notes, Vendor Advisory)
FAQ
What is CVE-2021-44230?
CVE-2021-44230 is a vulnerability with a CVSS score of 6.5 (MEDIUM). PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means; that account may then have inherited read access to sensitive configuration, database, and log files.
How severe is CVE-2021-44230?
CVE-2021-44230 has been rated MEDIUM with a CVSS base score of 6.5/10. The score reflects that exploitation requires an existing low-privilege account on the Windows server and that the impact is local access to the Enterprise Edition's database, configuration, and log files.
Is there a patch for CVE-2021-44230?
Yes. The weakness is described as affecting versions before 2021.11, so Burp Suite Enterprise Edition 2021.11 on Windows carries the fix; the vendor release notes in the references section above are the authoritative source. Windows is the affected platform rather than a separately patched product. Until the upgrade is applied, tighten the file system ACLs on the H2 database, configuration, and log files so that only SYSTEM, local Administrators, and the service account running Burp Suite Enterprise Edition can read them.