CVE-2021-42337 MEDIUM

CVE-2021-42337: TVN-202110009

Weakness CWE-285

Published November 16, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters.

Key dates

02Disclosure timeline

November 16, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-42337 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

04Related CVE

CVE-2023-28973 Junos OS Evolved: The 'sysmanctl' shell command allows a local user to gain access to some administrative actions CVE-2025-3924 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Unauthenticated Email Enumeration CVE-2026-42875 External Secrets Operator: Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore CVE-2018-1113 CVE-2022-1224 Improper Authorization in phpipam/phpipam