ByteOS Network

NVD Vulnerability Details :

CVE-2021-36233

Analyzed

Source-cve@mitre.org

Published At-31 Aug, 2021 | 18:15

Updated At-08 Sep, 2021 | 18:05

The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N

CPE Matches

unit4>>mik.starlight>>7.9.5.24363

cpe:2.3:a:unit4:mik.starlight:7.9.5.24363:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-552	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-037.txt	cve@mitre.org	Exploit Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History