Remote Code Execution Vulnerability in OpenText Brava! Desktop
CVE-2021-31489

7.8HIGH

Key Information:

Vendor: Opentext
Status: Brava! Desktop
Vendor: CVE Published:; 15 June 2021

What is CVE-2021-31489?

A remote code execution vulnerability exists in OpenText Brava! Desktop versions, allowing attackers to execute arbitrary code. The flaw arises during the parsing of DWF files, due to inadequate validation of user-supplied data. This can lead to a situation where an attacker can perform a write operation beyond the boundaries of an allocated buffer. Exploitation requires victims to open a malicious file or visit a harmful web page, which triggers the code execution in the context of the vulnerable application.

Affected Version(s)

Brava! Desktop 16.6.3.84

References

https://www.zerodayinitiative.com/advisories/ZDI-21-629/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2021
Vulnerability Reserved
Apr 16, 2021

Credit

rgod

Opentext

What is CVE-2021-31489?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit