PT-2022-9255 · Sa360 · Sa360

Jonathan Leitschuh +1 · Published 2022-03-18 · Updated 2022-05-10 · CVE-2021-22571

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SA360 versions prior to 1.0.3

Description

A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during the staging process before the files are loaded in BigQuery.

Recommendations

For versions prior to 1.0.3, upgrade to version 1.0.3 or above.
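
The weakness class described above (report files staged in a shared temporary folder with default permissions), shown as an added Python example with a check that flags exposed files. This is not SA360's code or its 1.0.3 fix; the function names and the `report.csv` file name are hypothetical.

```python
import os
import stat
import tempfile


def stage_with_default_permissions(directory, name, data):
    """'Before' pattern: the file mode is whatever the process umask leaves
    (0644 under the common umask 022), so other local users can read it."""
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def stage_privately(data, prefix="report-staging-"):
    """Hardened pattern: private 0700 directory, 0600 file, exclusive create."""
    directory = tempfile.mkdtemp(prefix=prefix)  # mkdtemp creates it with mode 0700
    path = os.path.join(directory, "report.csv")  # hypothetical file name
    # O_EXCL fails if the path already exists, including a pre-planted symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def readable_by_others(path):
    """True if the file's own mode grants read access to group or other."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def audit_staging_dir(directory):
    """Return files under `directory` whose mode grants read to group or other."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            if readable_by_others(path):
                findings.append(path)
    return sorted(findings)
```
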

Fix

Incorrect Default Permissions


Weakness Enumeration

Related Identifiers

CVE-2021-22571
GHSA-7FJX-657R-9R5H

Affected Products

Sa360