PT-2021-14839 · Unknown · Dream Report Ods Remote Connector
Yuri Kramarz
·
Published
2021-12-08
·
Updated
2022-10-24
·
CVE-2021-21957
CVSS v3.1
8.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dream Report ODS Remote Connector version 20.2.16900.0
Description
A privilege escalation issue exists in the Remote Server functionality due to a specially-crafted command injection, which can lead to elevated capabilities. An attacker can trigger this issue by providing a malicious file.
Recommendations
For Dream Report ODS Remote Connector version 20.2.16900.0, consider restricting access to the Remote Server functionality until a patch is available. As a temporary workaround, avoid using the Remote Server functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dream Report Ods Remote Connector