Access Control Bypass in SES Evolution by Stormshield
CVE-2021-31222

5.7MEDIUM

Key Information:

Vendor: Stormshield
Status: Endpoint Security
Vendor: CVE Published:; 13 July 2021

🔔 Create Stormshield Vulnerability Alert

What is CVE-2021-31222?

SES Evolution before version 2.1.0 is susceptible to an access control bypass, which allows unauthorized users to make updates to certain components of security policies. This vulnerability arises when an attacker with access to a computer where the administration console is installed can exploit the system to alter security configurations, potentially leading to significant security breaches. Users are advised to upgrade to the latest version to mitigate this risk.

References

https://advisories.stormshield.eu

x_refsource_MISC

https://advisories.stormshield.eu/2021-024/

x_refsource_MISC

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
Apr 15, 2021

CVE-2021-31222 Data

JSON