CVE-2021-31221 : SES Evolution before 2.1.0 allows deleting some parts of a security policy by le

SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed.

Published 2021-07-13 14:15:09

Updated 2021-07-15 19:58:22

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-31221

Stormshield » Endpoint Security
Versions from including (>=) 2.0.0 and up to, including, (<=) 2.0.2
cpe:2.3:a:stormshield:endpoint_security:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-31221

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 19 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-31221

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.9	LOW	AV:A/AC:M/Au:N/C:N/I:P/A:N	5.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.7	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	2.1	3.6	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: High Availability: None

References for CVE-2021-31221

https://advisories.stormshield.eu/2021-023/

SES Evolution server access check bypass (CVE-2021-31221) | Stormshield security
Vendor Advisory
https://advisories.stormshield.eu

Accueil | Stormshield security
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-31221

Products affected by CVE-2021-31221

Exploit prediction scoring system (EPSS) score for CVE-2021-31221

CVSS scores for CVE-2021-31221

References for CVE-2021-31221