Arbitrary Code Execution in OpenText Brava! Desktop Software
CVE-2021-31497

7.8HIGH

Key Information:

Vendor: Opentext
Status: Brava! Desktop
Vendor: CVE Published:; 15 June 2021

Summary

This vulnerability enables remote attackers to execute arbitrary code on installations of OpenText Brava! Desktop 16.6.3.84. Successful exploitation requires user interaction, compelling the victim to visit a malicious webpage or open a compromised DWG file. The vulnerability stems from inadequate validation of object existence before performing actions, allowing attackers to execute code in the context of the current process. Mitigating this risk requires immediate attention to patching and user awareness regarding potential threats.

Affected Version(s)

Brava! Desktop 16.6.3.84

References

https://www.zerodayinitiative.com/advisories/ZDI-21-637/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2021
Vulnerability Reserved
Apr 16, 2021

Credit

Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative