Access Control Weakness in SES Evolution by Stormshield
CVE-2021-31220

5.2 MEDIUM

Key Information:

Vendor
CVE Published: 13 July 2021

What is CVE-2021-31220?

SES Evolution prior to version 2.1.0 has a security vulnerability that allows users with read-only permissions to alter security policy configurations. This flaw can be exploited to manipulate sensitive settings, posing a risk to the integrity of the security environment. Organizations using affected versions should prioritize updating to the latest version to mitigate potential unauthorized access to critical security controls.

CVSS V3.1

Score: 5.2
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
