CVE-2021-41382
published 2021-09-22

CVE-2021-41382: Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.

Priority: P2 (59), high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Exploit: public exploit available
EPSS: 8.94% (94.6th percentile)

Affected (1 range)

Vendor       Product       Version range      Fixed in
plasticscm   plastic_scm   < 10.0.16.5622     10.0.16.5622

Detection & IOCs (extracted from sources)

URLs (target.com is the source's placeholder host):
  • target.com/account/register
  • target.com/configuration/authentication
  • target.com/webui/repos
  • target.com/account
  • Monitor for unauthenticated HTTP GET/POST requests to the /account/register path on Plastic SCM WebAdmin instances. That path should not be publicly accessible, and such requests indicate an attempt to reset the administrator password without prior authentication.
  • Alert on unauthenticated or anomalous access to the /configuration/authentication endpoint on Plastic SCM WebAdmin, which is abused to change arbitrary user passwords after an admin account takeover.
  • Use the Shodan dork 'title:"Plastic SCM"' to identify internet-exposed Plastic SCM WebAdmin instances that may be vulnerable.
  • The vulnerability affects Plastic SCM versions strictly before 10.0.16.5622; the WebAdmin server management interface must be network-accessible for exploitation. Restrict WebAdmin to trusted networks or localhost to mitigate exposure.
  • The exploit was tested and confirmed functional on Chrome, Firefox, and Edge browsers, indicating it is a purely web-based attack requiring no special client tooling.
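The two path-based detections above, expressed as a check over access-log lines, as an added example (not code from this page or from Plastic SCM). It assumes a reverse proxy in front of WebAdmin writing the combined log format and a 10.0.0.0/8 management range as the only trusted source; the log lines are constructed.

```python
import ipaddress
import re
from typing import Dict, List, Optional
# Paths from the page's detection guidance for CVE-2021-41382: anonymous hits
# on the register path and odd access to the auth-config path warrant alerts.
WATCHED_PATHS = {
    "/account/register": "unauthenticated admin password reset attempt",
    "/configuration/authentication": "password change via WebAdmin",
}
# Assumption: WebAdmin should only be reached from this management range.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Assumed combined log format from a reverse proxy in front of WebAdmin.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
SAMPLE_LOG = [  # constructed lines; 203.0.113.7 (RFC 5737) is the outside client
    '203.0.113.7 - - [22/Sep/2021:10:01:02 +0000] "GET /account/register HTTP/1.1" 200 512',
    '203.0.113.7 - - [22/Sep/2021:10:01:05 +0000] "POST /account/register HTTP/1.1" 302 0',
    '10.0.0.5 - admin [22/Sep/2021:10:02:00 +0000] "GET /webui/repos HTTP/1.1" 200 2048',
    '203.0.113.7 - admin [22/Sep/2021:10:03:11 +0000] "POST /configuration/authentication HTTP/1.1" 200 128',
    '10.0.0.5 - admin [22/Sep/2021:10:04:00 +0000] "GET /configuration/authentication HTTP/1.1" 200 900',
]

def parse_line(line: str) -> Optional[Dict[str, str]]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_trusted(src: str) -> bool:
    try:
        return any(ipaddress.ip_address(src) in net for net in TRUSTED_NETS)
    except ValueError:  # malformed address is never trusted
        return False

def find_suspicious(lines: List[str]) -> List[Dict[str, str]]:
    """Flag watched-path requests that are anonymous or come from outside the trusted range."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0].rstrip("/")  # drop query and trailing /
        reason = WATCHED_PATHS.get(path)
        if reason and (rec["user"] == "-" or not is_trusted(rec["src"])):
            alerts.append({"src": rec["src"], "method": rec["method"],
                           "path": path, "status": rec["status"], "reason": reason})
    return alerts

if __name__ == "__main__":
    for a in find_suspicious(SAMPLE_LOG):
        print(f'{a["src"]} {a["method"]} {a["path"]} {a["status"]}: {a["reason"]}')
```

On the sample, the two anonymous register requests and the external password change are flagged, while the authenticated admin's access from the trusted range is not.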

CVSS provenance

NVD, CVSS v3.1: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
NVD, CVSS v2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:P/A:N)