Improper Input Validation in CLUSTERPRO and EXPRESSCLUSTER by NEC
CVE-2021-20706

7.5HIGH

Key Information:

Vendor: Nec Corporation
Status: Clusterpro X
Vendor: CVE Published:; 3 November 2021

🔔 Create Nec Corporation Vulnerability Alert

What is CVE-2021-20706?

A vulnerability exists in NEC's CLUSTERPRO and EXPRESSCLUSTER products due to improper input validation. This flaw allows an attacker to exploit the system through remote file upload capabilities, potentially compromising the integrity and confidentiality of the affected systems. It is crucial for users to evaluate their exposure to this issue and apply necessary security updates to safeguard their environments.

Affected Version(s)

CLUSTERPRO X CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier

References

https://jpn.nec.com/security-info/secinfo/nv21-015_en.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2021
Vulnerability Reserved
Dec 17, 2020

JSON