PT-2025-1354 · Inspur · Inspur Clusterengine

Published

2025-01-06

Updated

2025-09-05

CVE-2021-27285

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Inspur ClusterEngine version 4.0

Description An issue was discovered that allows attackers to gain escalated local privileges and execute arbitrary commands via the /opt/tsce4/torque6/bin/getJobsByShell endpoint.

Recommendations For Inspur ClusterEngine version 4.0, consider restricting access to the /opt/tsce4/torque6/bin/getJobsByShell endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2021-27285

Affected Products

Inspur Clusterengine

PT-2025-1354 · Inspur · Inspur Clusterengine

CVE-2021-27285

Weakness Enumeration

Related Identifiers

Affected Products

References · 6