Information Disclosure Vulnerability in OpenText Brava! Desktop
CVE-2021-31501

3.3LOW

Key Information:

Vendor: Opentext
Status: Brava! Desktop
Vendor: CVE Published:; 15 June 2021

Summary

This vulnerability allows remote attackers to disclose sensitive information on installations of OpenText Brava! Desktop 16.6.3.84. Exploitation requires user interaction, where the target must visit a malicious webpage or open a compromised file. The vulnerability stems from improper validation of user-supplied data during the parsing of DWG files, potentially leading to reading past the end of an allocated data structure. This flaw can be leveraged in combination with other vulnerabilities to execute arbitrary code within the context of the affected process.

Affected Version(s)

Brava! Desktop 16.6.3.84

References

https://www.zerodayinitiative.com/advisories/ZDI-21-641/

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2021
Vulnerability Reserved
Apr 16, 2021

Credit

Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative