Search
Find a vulnerability
Search criteria
2 vulnerabilities found for revenera_installshield by flexera
CVE-2021-41526 (GCVE-0-2021-41526)
Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2024-08-04 03:15
VLAI
Summary
A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
3 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| flexera | revenera_installshield |
Affected:
0 , < 2021
(custom)
cpe:2.3:a:flexera:revenera_installshield:-:*:*:*:*:windows:*:* |
|
| flexera | revenera_installshield |
Affected:
2021
cpe:2.3:a:flexera:revenera_installshield:2021:-:*:*:*:windows:*:* |
|
| flexera | revenera_installshield |
Affected:
2021
cpe:2.3:a:flexera:revenera_installshield:2021:r1:*:*:*:windows:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:flexera:revenera_installshield:-:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "revenera_installshield",
"vendor": "flexera",
"versions": [
{
"lessThan": "2021",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:flexera:revenera_installshield:2021:-:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "revenera_installshield",
"vendor": "flexera",
"versions": [
{
"status": "affected",
"version": "2021"
}
]
},
{
"cpes": [
"cpe:2.3:a:flexera:revenera_installshield:2021:r1:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "revenera_installshield",
"vendor": "flexera",
"versions": [
{
"status": "affected",
"version": "2021"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-41526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T14:30:28.705266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T14:33:52.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md"
},
{
"name": "20240419 MindManager 23 - full disclosure",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Apr/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked \u2018repair\u2019 of the MSI which has an InstallScript custom action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T15:05:51.662Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"url": "https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message"
},
{
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md"
},
{
"name": "20240419 MindManager 23 - full disclosure",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Apr/24"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2021-41526",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2021-09-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:15:28.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41526 (GCVE-0-2021-41526)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2024-08-04 03:15
VLAI
Summary
A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
3 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| flexera | revenera_installshield |
Affected:
0 , < 2021
(custom)
cpe:2.3:a:flexera:revenera_installshield:-:*:*:*:*:windows:*:* |
|
| flexera | revenera_installshield |
Affected:
2021
cpe:2.3:a:flexera:revenera_installshield:2021:-:*:*:*:windows:*:* |
|
| flexera | revenera_installshield |
Affected:
2021
cpe:2.3:a:flexera:revenera_installshield:2021:r1:*:*:*:windows:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:flexera:revenera_installshield:-:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "revenera_installshield",
"vendor": "flexera",
"versions": [
{
"lessThan": "2021",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:flexera:revenera_installshield:2021:-:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "revenera_installshield",
"vendor": "flexera",
"versions": [
{
"status": "affected",
"version": "2021"
}
]
},
{
"cpes": [
"cpe:2.3:a:flexera:revenera_installshield:2021:r1:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "revenera_installshield",
"vendor": "flexera",
"versions": [
{
"status": "affected",
"version": "2021"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-41526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T14:30:28.705266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T14:33:52.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md"
},
{
"name": "20240419 MindManager 23 - full disclosure",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Apr/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked \u2018repair\u2019 of the MSI which has an InstallScript custom action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T15:05:51.662Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"url": "https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message"
},
{
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md"
},
{
"name": "20240419 MindManager 23 - full disclosure",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Apr/24"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2021-41526",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2021-09-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:15:28.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}