Command Injection Vulnerability in Yonyou PLM by Yonyou
CVE-2021-41744

9.8CRITICAL

Key Information:

Vendor: Yonyou
Status: Ufida Product Lifecycle Management
Vendor: CVE Published:; 22 October 2021

What is CVE-2021-41744?

The command injection vulnerability in Yonyou PLM enables attackers to execute arbitrary commands on the server, leading to unauthorized access and manipulation of the management control background. This issue is particularly concerning as it allows intruders to gain elevated permissions without proper authorization, potentially compromising the integrity of product information management across organizations.

References

https://www.cnvd.org.cn/flaw/show/CNVD-2021-39097

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2021
Vulnerability Reserved
Sep 27, 2021