Description

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.

Related CPE's

a

soyal

701clientsql

Vulnerable

a

soyal

701server

Vulnerable

a

soyal

701serversql

Vulnerable

References

https://www.exploit-db.com/exploits/49678

ExploitThird Party AdvisoryVDB Entry

https://www.zeroscience.mk/en/vulnerabilities

ExploitThird Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-276

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-04-27T13:15:08.373

4 years ago

Last modified

2021-09-23T14:27:05.190

3 years ago