CVE-2021-31771

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-31771
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-732

18 Jan 2022, 19:15

Type Values Removed Values Added
CPE cpe:2.3:a:splinterware:system_scheduler:5.30:*:*:*:professional:*:*:*
Summary ** DISPUTED ** Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service 'WindowsScheduler' calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as "nt authority\system") since the service runs as Local System. NOTE: the vendor states that the exploit-db.com and packetstormsecurity.com references (provided by a third party) were deleted once the vendor "proved that he had made a mistake." ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CWE CWE-269
References
  • {'url': 'https://www.exploit-db.com/exploits/49858', 'name': 'https://www.exploit-db.com/exploits/49858', 'tags': ['Exploit', 'Third Party Advisory', 'VDB Entry'], 'refsource': 'MISC'}
  • {'url': 'http://splinterware.com', 'name': 'http://splinterware.com', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}
  • {'url': 'https://packetstormsecurity.com/files/162540/Splinterware-System-Scheduler-Professional-5.30-Privilege-Escalation.html', 'name': 'https://packetstormsecurity.com/files/162540/Splinterware-System-Scheduler-Professional-5.30-Privilege-Escalation.html', 'tags': ['Exploit', 'Third Party Advisory', 'VDB Entry'], 'refsource': 'MISC'}
CVSS v2 : 7.2
v3 : 7.8 		v2 : unknown
v3 : unknown

14 Jan 2022, 18:15

Type Values Removed Values Added
Summary Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service 'WindowsScheduler' calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as "nt authority\system") since the service runs as Local System. ** DISPUTED ** Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service 'WindowsScheduler' calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as "nt authority\system") since the service runs as Local System. NOTE: the vendor states that the exploit-db.com and packetstormsecurity.com references (provided by a third party) were deleted once the vendor "proved that he had made a mistake."

08 Jul 2021, 19:53

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : 7.2
v3 : 7.8
CPE cpe:2.3:a:splinterware:system_scheduler:5.30:*:*:*:professional:*:*:*
References (MISC) http://splinterware.com - (MISC) http://splinterware.com - Vendor Advisory
References (MISC) https://www.exploit-db.com/exploits/49858 - (MISC) https://www.exploit-db.com/exploits/49858 - Exploit, Third Party Advisory, VDB Entry
References (MISC) https://packetstormsecurity.com/files/162540/Splinterware-System-Scheduler-Professional-5.30-Privilege-Escalation.html - (MISC) https://packetstormsecurity.com/files/162540/Splinterware-System-Scheduler-Professional-5.30-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry
CWE CWE-269

06 Jul 2021, 14:51

Type Values Removed Values Added
New CVE
Information

Published : 2021-07-06 14:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-31771

Mitre link : CVE-2021-31771

CVE.ORG link : CVE-2021-31771

JSON object : View

Products Affected

No product.

CWE
CWE-732

Incorrect Permission Assignment for Critical Resource