Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for revenera_installshield by flexera

    CVE-2021-41526 (GCVE-0-2021-41526)

    Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2024-08-04 03:15
    VLAI
    Summary
    A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    flexera revenera_installshield Affected: 0 , < 2021 (custom)
        cpe:2.3:a:flexera:revenera_installshield:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    flexera revenera_installshield Affected: 2021
        cpe:2.3:a:flexera:revenera_installshield:2021:-:*:*:*:windows:*:*
    Create a notification for this product.
    flexera revenera_installshield Affected: 2021
        cpe:2.3:a:flexera:revenera_installshield:2021:r1:*:*:*:windows:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:flexera:revenera_installshield:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "revenera_installshield",
                "vendor": "flexera",
                "versions": [
                  {
                    "lessThan": "2021",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:flexera:revenera_installshield:2021:-:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "revenera_installshield",
                "vendor": "flexera",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2021"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:flexera:revenera_installshield:2021:r1:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "revenera_installshield",
                "vendor": "flexera",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2021"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-41526",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-24T14:30:28.705266Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-24T14:33:52.948Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:15:28.449Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md"
              },
              {
                "name": "20240419 MindManager 23 - full disclosure",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Apr/24"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked \u2018repair\u2019 of the MSI which has an InstallScript custom action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-19T15:05:51.662Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "url": "https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message"
            },
            {
              "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md"
            },
            {
              "name": "20240419 MindManager 23 - full disclosure",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2024/Apr/24"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2021-41526",
        "datePublished": "2023-03-29T00:00:00.000Z",
        "dateReserved": "2021-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:15:28.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41526 (GCVE-0-2021-41526)

    Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2024-08-04 03:15
    VLAI
    Summary
    A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    flexera revenera_installshield Affected: 0 , < 2021 (custom)
        cpe:2.3:a:flexera:revenera_installshield:-:*:*:*:*:windows:*:*
    Create a notification for this product.
    flexera revenera_installshield Affected: 2021
        cpe:2.3:a:flexera:revenera_installshield:2021:-:*:*:*:windows:*:*
    Create a notification for this product.
    flexera revenera_installshield Affected: 2021
        cpe:2.3:a:flexera:revenera_installshield:2021:r1:*:*:*:windows:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:flexera:revenera_installshield:-:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "revenera_installshield",
                "vendor": "flexera",
                "versions": [
                  {
                    "lessThan": "2021",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:flexera:revenera_installshield:2021:-:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "revenera_installshield",
                "vendor": "flexera",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2021"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:flexera:revenera_installshield:2021:r1:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "revenera_installshield",
                "vendor": "flexera",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2021"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-41526",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-24T14:30:28.705266Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-24T14:33:52.948Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:15:28.449Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md"
              },
              {
                "name": "20240419 MindManager 23 - full disclosure",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Apr/24"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked \u2018repair\u2019 of the MSI which has an InstallScript custom action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-19T15:05:51.662Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "url": "https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message"
            },
            {
              "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md"
            },
            {
              "name": "20240419 MindManager 23 - full disclosure",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2024/Apr/24"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2021-41526",
        "datePublished": "2023-03-29T00:00:00.000Z",
        "dateReserved": "2021-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:15:28.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }