Unrestricted Directory Access Vulnerability in TCExam by TCExam Team
CVE-2021-20114

7.5HIGH

Key Information:

Vendor: Tecnick
Status: Tcexam
Vendor: CVE Published:; 30 July 2021

What is CVE-2021-20114?

A vulnerability exists in TCExam versions up to 14.8.1 that permits unauthenticated users to access the /cache/backup/ directory. This directory contains sensitive database backup files, potentially exposing critical data to attackers. If the software is set up with default or recommended configurations, the issue can lead to significant security risks as these backups are not adequately protected, allowing unauthorized access to sensitive information.

Affected Version(s)

TCExam 14.8.1

References

https://www.tenable.com/security/research/tra-2021-32

x_refsource_MISC

EPSS Score

53% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 30, 2021
Vulnerability Reserved
Dec 17, 2020

Tecnick

What is CVE-2021-20114?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline