Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32933 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-10-25 | 7.5 HIGH | 9.8 CRITICAL |
An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process. | |||||
CVE-2021-32957 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking. | |||||
CVE-2021-32949 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file. | |||||
CVE-2021-32945 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06. | |||||
CVE-2021-32953 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-04-11 | 7.5 HIGH | 9.8 CRITICAL |
An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login. | |||||
CVE-2021-32961 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-04-09 | 5.0 MEDIUM | 7.5 HIGH |
A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities. | |||||
CVE-2021-32937 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated. |