File Upload Vulnerability in GFI Mail Archiver by GFI Software
CVE-2021-29281

9.8CRITICAL

Key Information:

Vendor

Gfi

Status
Archiver
Vendor
CVE Published:
7 July 2022

What is CVE-2021-29281?

The GFI Mail Archiver is impacted by a file upload vulnerability due to an insecure implementation of the Telerik Web UI plugin. This flaw allows attackers to exploit the system and perform arbitrary file uploads, potentially compromising the integrity of the application. This vulnerability is linked to previous vulnerabilities in the Telerik Web UI component, further exposing GFI Mail Archiver to risks. Ensuring prompt updates and utilizing security best practices can mitigate the risk posed by such vulnerabilities.

References

https://cwe.mitre.org/data/definitions/434.html
x_refsource_MISC
https://owasp.org/www-community/vulnerabilities/Unrestric...
x_refsource_MISC
https://www.gfi.com/products-and-solutions/network-securi...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.