Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback 21.02.04.
CVE Status: Awaiting Analysis
Attribute | Value |
---|---|
Attack Complexity | LOW |
Attack Vector | NETWORK |
Availability Impact | HIGH |
Base Score | 9.1 |
Base Severity | CRITICAL |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Privileges Required | HIGH |
Scope | CHANGED |
User Interaction | NONE |
Vector String | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Exploitability Score | 2.3 |
Impact Score | 6 |
Source | [email protected] |
Type | Secondary |