Headline
CVE-2021-45091: SES Evolution server access check bypass (CVE-2021-45091)
Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control.
Advisory ID: STORM-2021-072
CVE Number: CVE-2021-45091
Date discovered: 09/17/2021
Severity: low
Advisory revision: v1
Vulnerability details
An unspecified vulnerability in SES Evolution could allow an authenticated user to forge some incorrect system logs.
Impacted products
Products: Stormshield Endpoint Security
Severity: low
Detail: SES is impacted
Revisions
Version: v1
Date: 12/21/2021
Description: Initial release
Stormshield Endpoint Security
CVSS v3.1 Overall Score: 2
Analysis
An attacker may trick a user connected to a machine where the SES Evolution console is installed into executing a malicious program in order to forge some incorrect system logs.
Impacted version
- SES 2.1.0 to 2.1.1
Workaround solution
There is no workaround solution.
Solution
The 2.1.2 update fixes this vulnerability.
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability impact: None
CVSS Base score: 3
CVSS Vector: (AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
Exploit Code Maturity: Unproven that exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 2.6
CVSS Vector: (AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Confidentiality Requirement: Low
Integrity Requirement: Low
Availability Requirement: Low
CVSS Environmental score: 2
CVSS Vector: (AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)