Access Control Vulnerability in SES Evolution by Stormshield
CVE-2021-31221

5.7MEDIUM

Key Information:

Vendor: Stormshield
Status: Endpoint Security
Vendor: CVE Published:; 13 July 2021

🔔 Create Stormshield Vulnerability Alert

What is CVE-2021-31221?

SES Evolution versions before 2.1.0 contain a security flaw that allows authenticated users with access to the administration console to delete critical components of a security policy. This vulnerability could result in unauthorized changes that compromise the integrity and security of the system, leading to potential risks for environments relying on this solution for security management.

References

https://advisories.stormshield.eu

x_refsource_MISC

https://advisories.stormshield.eu/2021-023/

x_refsource_MISC

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
Apr 15, 2021

CVE-2021-31221 Data

JSON