CVE-2021-42338 CRITICAL

CVE-2021-42338: 4MOSAn GCB Doctor - Improper Authorization

Vendor 4Mosan

Product GCB Doctor

Weakness CWE-285

Published November 19, 2021

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files.

Key dates

02Disclosure timeline

November 19, 2021 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-42338 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

Identifiers

CVE CVE-2021-42338

CWE CWE-285

CVSS 9.8 / CRITICAL

Affected versions