CVE-2021-41528 - Vulnerability Details - OpenCVE

An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to access the import / export functionality with low privileges.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://community.flexera.com/s/feed/0D5PL00000Nwgg30AB
https://medium.com/@amroot/cve-2021-41528-flexera-risc-networks-vulnerable-authorization-schema-3e980d59217a

History

Fri, 07 Feb 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 07 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
References		https://medium.com/@amroot/cve-2021-41528-flexera-risc-networks-vulnerable-authorization-schema-3e980d59217a

Fri, 07 Feb 2025 20:00:00 +0000

Type	Values Removed	Values Added
Description		An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to access the import / export functionality with low privileges.
Title		Improper authorization related to Import / Export interfaces on RISC Platform
Weaknesses		CWE-863
References		https://community.flexera.com/s/feed/0D5PL00000Nwgg30AB
Metrics		cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2025-02-07T19:54:05.632Z

Updated: 2025-02-07T21:18:57.352Z

Reserved: 2021-09-20T20:53:08.236Z

Link: CVE-2021-41528

Vulnrichment

Updated: 2025-02-07T21:15:28.897Z

NVD

Status : Received

Published: 2025-02-07T20:15:32.320

Modified: 2025-02-07T20:15:32.320

Link: CVE-2021-41528

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-41528", "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "state": "PUBLISHED", "assignerShortName": "flexera", "dateReserved": "2021-09-20T20:53:08.236Z", "datePublished": "2025-02-07T19:54:05.632Z", "dateUpdated": "2025-02-07T21:18:57.352Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "RISC Platform", "vendor": "Flexera", "versions": [{"lessThan": "saas-2021-12-29", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An error <span style=\"background-color: rgb(255, 255, 255);\">when handling authorization related to the import / export interfaces</span> on the <span style=\"background-color: rgb(255, 255, 255);\">RISC Platform prior to the <span style=\"background-color: rgb(255, 255, 255);\">saas-2021-12-29 release </span></span>can potentially be exploited to <span style=\"background-color: rgb(255, 255, 255);\">access the import / export functionality with low privileges.</span></span><br><br>"}], "value": "An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to\u00a0access the import / export functionality with low privileges."}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera", "dateUpdated": "2025-02-07T20:03:46.478Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://community.flexera.com/s/feed/0D5PL00000Nwgg30AB"}, {"tags": ["related"], "url": "https://medium.com/@amroot/cve-2021-41528-flexera-risc-networks-vulnerable-authorization-schema-3e980d59217a"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper authorization related to Import / Export interfaces on RISC Platform", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-07T21:15:25.212856Z", "id": "CVE-2021-41528", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T21:18:57.352Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-41528", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-07T21:15:25.212856Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T21:15:28.897Z"}}], "cna": {"title": "Improper authorization related to Import / Export interfaces on RISC Platform", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Flexera", "product": "RISC Platform", "versions": [{"status": "affected", "version": "0", "lessThan": "saas-2021-12-29", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.flexera.com/s/feed/0D5PL00000Nwgg30AB", "tags": ["vendor-advisory"]}, {"url": "https://medium.com/@amroot/cve-2021-41528-flexera-risc-networks-vulnerable-authorization-schema-3e980d59217a", "tags": ["related"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to\u00a0access the import / export functionality with low privileges.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An error <span style=\"background-color: rgb(255, 255, 255);\">when handling authorization related to the import / export interfaces</span> on the <span style=\"background-color: rgb(255, 255, 255);\">RISC Platform prior to the <span style=\"background-color: rgb(255, 255, 255);\">saas-2021-12-29 release </span></span>can potentially be exploited to <span style=\"background-color: rgb(255, 255, 255);\">access the import / export functionality with low privileges.</span></span><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera", "dateUpdated": "2025-02-07T20:03:46.478Z"}}}, "cveMetadata": {"cveId": "CVE-2021-41528", "state": "PUBLISHED", "dateUpdated": "2025-02-07T21:18:57.352Z", "dateReserved": "2021-09-20T20:53:08.236Z", "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "datePublished": "2025-02-07T19:54:05.632Z", "assignerShortName": "flexera"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to\u00a0access the import / export functionality with low privileges."}], "id": "CVE-2021-41528", "lastModified": "2025-02-07T20:15:32.320", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "PSIRT-CNA@flexerasoftware.com", "type": "Secondary"}]}, "published": "2025-02-07T20:15:32.320", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://community.flexera.com/s/feed/0D5PL00000Nwgg30AB"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://medium.com/@amroot/cve-2021-41528-flexera-risc-networks-vulnerable-authorization-schema-3e980d59217a"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "PSIRT-CNA@flexerasoftware.com", "type": "Secondary"}]}