PT-2021-23296 · Unknown+1 · Update Manager+2

Published

2021-09-23

Updated

2021-10-20

CVE-2021-41428

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Update Manager versions 5.8.0.2300 and earlier DFL versions 12.5.1001.5 and earlier

Description The issue is related to insecure permissions in certain components of DATEV programs v14.1, allowing an attacker to escalate privileges due to insufficient configuration of service components.

Recommendations For Update Manager versions 5.8.0.2300 and earlier, update to a version later than 5.8.0.2300 to resolve the issue. For DFL versions 12.5.1001.5 and earlier, update to a version later than 12.5.1001.5 to resolve the issue.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-41428

Affected Products

Datev Programs

Dfl

Update Manager

PT-2021-23296 · Unknown+1 · Update Manager+2

CVE-2021-41428

Related Identifiers

Affected Products

References · 2