Security Policy Exposure in SES Evolution by Stormshield
CVE-2021-31223

5.7MEDIUM

Key Information:

Vendor: Stormshield
Status: Endpoint Security
Vendor: CVE Published:; 13 July 2021

🔔 Create Stormshield Vulnerability Alert

What is CVE-2021-31223?

The SES Evolution software from Stormshield, prior to version 2.1.0, has a vulnerability that allows an unauthorized user to read parts of the security policy. This exposure can be exploited when an attacker gains access to a computer that has the administration console installed. The implications of this vulnerability could lead to exposure of sensitive information about the security posture of the affected system.

References

https://advisories.stormshield.eu

x_refsource_MISC

https://advisories.stormshield.eu/2021-025/

x_refsource_MISC

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
Apr 15, 2021

CVE-2021-31223 Data

JSON