Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064)

Description

Kramer VIAware allows an unauthenticated user to upload arbitrary files. An attacker can exploit it to achieve remote code execution.

Remediation

Upgrade to the latest version of Kramer VIAware

References

CVE-2021-36356 Detail

CVE-2021-36356 Unauthenticated Remote Code Execution in VIAware

Related Vulnerabilities

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10704)

qdPM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-26180)

Magento Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2019-8154)

Sqlite Improper Input Validation Vulnerability (CVE-2017-13685)

ownCloud Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2021-35947)

Severity

Critical

Classification

CVE-2021-36356 CVE-2019-17124 CVE-2021-35064 CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Unauthenticated File Upload Code Execution Known Vulnerabilities