Search
Find a vulnerability
Search criteria
8 vulnerabilities found for mik.starlight by unit4
CVE-2021-36234 (GCVE-0-2021-36234)
Vulnerability from nvd – Published: 2021-08-31 17:45 – Updated: 2024-08-04 00:54
VLAI
Summary
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.syss.de | x_refsource_MISC |
| https://www.syss.de/fileadmin/dokumente/Publikati… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-039.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T17:45:38.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-039.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de",
"refsource": "MISC",
"url": "https://www.syss.de"
},
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-039.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-039.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36234",
"datePublished": "2021-08-31T17:45:38.000Z",
"dateReserved": "2021-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:54:51.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36233 (GCVE-0-2021-36233)
Vulnerability from nvd – Published: 2021-08-31 17:50 – Updated: 2024-08-04 00:54
VLAI
Summary
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.syss.de/fileadmin/dokumente/Publikati… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:50.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-037.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T17:50:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-037.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-037.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-037.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36233",
"datePublished": "2021-08-31T17:50:00.000Z",
"dateReserved": "2021-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:54:50.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36232 (GCVE-0-2021-36232)
Vulnerability from nvd – Published: 2021-08-31 17:37 – Updated: 2024-08-04 00:54
VLAI
Summary
Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.syss.de/fileadmin/dokumente/Publikati… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-036.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T17:37:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-036.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-036.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-036.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36232",
"datePublished": "2021-08-31T17:37:53.000Z",
"dateReserved": "2021-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:54:51.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36231 (GCVE-0-2021-36231)
Vulnerability from nvd – Published: 2021-08-31 17:41 – Updated: 2024-08-04 00:54
VLAI
Summary
Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.syss.de/fileadmin/dokumente/Publikati… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-035.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T17:41:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-035.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-035.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-035.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36231",
"datePublished": "2021-08-31T17:41:20.000Z",
"dateReserved": "2021-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:54:51.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36233 (GCVE-0-2021-36233)
Vulnerability from cvelistv5 – Published: 2021-08-31 17:50 – Updated: 2024-08-04 00:54
VLAI
Summary
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.syss.de/fileadmin/dokumente/Publikati… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:50.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-037.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T17:50:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-037.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-037.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-037.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36233",
"datePublished": "2021-08-31T17:50:00.000Z",
"dateReserved": "2021-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:54:50.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36234 (GCVE-0-2021-36234)
Vulnerability from cvelistv5 – Published: 2021-08-31 17:45 – Updated: 2024-08-04 00:54
VLAI
Summary
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.syss.de | x_refsource_MISC |
| https://www.syss.de/fileadmin/dokumente/Publikati… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-039.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T17:45:38.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-039.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de",
"refsource": "MISC",
"url": "https://www.syss.de"
},
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-039.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-039.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36234",
"datePublished": "2021-08-31T17:45:38.000Z",
"dateReserved": "2021-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:54:51.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36231 (GCVE-0-2021-36231)
Vulnerability from cvelistv5 – Published: 2021-08-31 17:41 – Updated: 2024-08-04 00:54
VLAI
Summary
Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.syss.de/fileadmin/dokumente/Publikati… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-035.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T17:41:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-035.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-035.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-035.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36231",
"datePublished": "2021-08-31T17:41:20.000Z",
"dateReserved": "2021-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:54:51.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36232 (GCVE-0-2021-36232)
Vulnerability from cvelistv5 – Published: 2021-08-31 17:37 – Updated: 2024-08-04 00:54
VLAI
Summary
Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.syss.de/fileadmin/dokumente/Publikati… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-036.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T17:37:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-036.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-036.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-036.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36232",
"datePublished": "2021-08-31T17:37:53.000Z",
"dateReserved": "2021-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:54:51.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}