Improper access control in acmailer and acmailer DB - CVE-2021-20617

 


Published: January 14, 2021 / Updated: January 18, 2021


Vulnerability identifier: #VU49571
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2021-20617
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: acmailer, acmailer DB
Software vendor: Seed Co Limited

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application, leading to arbitrary OS command injection and privilege escalation.


Remediation

Install updates from the vendor's website.
