PT-2022-10156 · Unknown · Mdt Autosave

Amir Preminger

Published

2022-04-01

Updated

2022-04-09

CVE-2021-32937

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MDT AutoSave versions prior to v6.02.06

Description An issue exists where an attacker can gain knowledge of a session's temporary working folder when the getfile and putfile commands are used. This knowledge can be leveraged to provide a malicious command to the working directory, allowing read and write activity to be initiated.

Recommendations For versions prior to v6.02.06, update to version v6.02.06 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary working folder to minimize the risk of exploitation.

Fix

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

CVE-2021-32937

Affected Products

Mdt Autosave

PT-2022-10156 · Unknown · Mdt Autosave

CVE-2021-32937

Weakness Enumeration

Related Identifiers

Affected Products

References · 3