CVE-2021-41744
Last modified
CVE-2021-41744 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. EPSS estimates a 1.55% chance of exploitation in the next 30 days.
Description
All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. It applies a series of enterprise application systems to support the entire process from conceptual design to the end of product life, and the collaborative creation, distribution, application and management of product information across organizations. Yonyou PLM uses jboss by default, and you can access the management control background without authorization An attacker can use this vulnerability to gain server permissions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Yonyou | Ufida Product Lifecycle Management | All versions |
References
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-39097Third Party Advisory
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-39097Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-41744?
How severe is CVE-2021-41744?
How do I fix CVE-2021-41744?
Are you affected by CVE-2021-41744?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST