CVE-2021-20707

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGH
EPSS
0.3%
top 45.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
NEC Clusterpro XNEC Clusterpro X SingleserversafeNEC Expresscluster X+2 more
Timeline
PublishedNov 3
Latest updateMay 24

Description

Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network..

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

NVDnec/clusterpro_x1.04.3
NVDnec/expresscluster_x1.04.3
CVEListV5nec_corporation/clusterpro_xCLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier

🔴Vulnerability Details

2
GHSA
GHSA-3jw5-8hpm-44m2: Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 12022-05-24
CVEList
CVE-2021-20707: Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 42021-11-02
CVE-2021-20707 (HIGH CVSS 7.5) | Improper input validation vulnerabi | cvebase.io