CVE-2021-42797 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-42797 PUBLISHED CVSS 7.5 HIGH

Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.

EPSS 0.22% · 44.0th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.22%

44.0th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
aveva	edge	0, 2020, 2020

Timeline

Dec 16, 2023 CVE Published
Dec 16, 2023 EPSS Score
Jan 14, 2024 EPSS Score
Feb 11, 2024 EPSS Score
Mar 11, 2024 EPSS Score
Apr 8, 2024 EPSS Score
May 7, 2024 EPSS Score
Jun 5, 2024 EPSS Score
Jul 3, 2024 EPSS Score
Aug 4, 2024 CVE Updated
Aug 29, 2024 EPSS Score
Sep 27, 2024 EPSS Score

References

Open in Interactive Console →