CVE-2021-26804
published 2021-05-04CVE-2021-26804: Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to…
PriorityP338medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
EPSS
1.19%
64.0th percentile
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| centreon | centreon_web | — | — |
| centreon | centreon_web | — | — |
| centreon | centreon_web | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Sentinelone
AtomSilo
blogs_sentinelone·2022-11-30
AtomSilo
How It Works The Singularity XDR Difference
Singularity Marketplace One-Click Integrations to Unlock the Power of XDR
Pricing & Packaging Comparisons and Guidance at a Glance
Purple AI Accelerate SecOps with Generative AI
Singularity Hyperautomation Easily Automate Security Processes
AI-SIEM The AI SIEM for the Autonomous SOC
Singularity Data Lake AI-Powered, Unified Data Lake
Singularity Data Lake for Log Analytics Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
Singularity Endpoint Autonomous Prevention, Detection, and Response
Singularity XDR Native & Open Protection, Detection, and Response
Singularity RemoteOps Forensics Orchestrate Forensics at Scale
Singularity
Threat Intelligence Comprehensive Adversary Intelligence
Singularity Vulnerability Management
Sentinelone
AtomSilo
blogs_sentinelone·CVSS 9.8
CVE-2021-26084 [CRITICAL] AtomSilo
# AtomSilo Ransomware: In-Depth Analysis, Detection, Mitigation, and Removal
## Summary of AtomSilo Ransomware
AtomSilo emerged in September 2021. AtomSilo targets corporate networks and engages in multi- extortion – demanding payment for decryption tools, as well as for the non-release of stolen data. Operators behind AtomSilo gained early traction via their highlighted use of a flaw (CVE-2021-26084) in Confluence software, a popular enterprise collaboration platform.
## What Does AtomSilo Ransomware Target?
AtomSilo ransomware typically targets high-value industries such as healthcare, finance, legal, manufacturing, retail, and government. It has also been known to target small to medium-sized businesses. AtomSilo claims to avoid targeting of medical, critical infrastructure, educati
2021-05-04
Published