CVE-2021-43113
PUBLISHED
A vulnerability exists in Dell Data Protection Advisor. The flaw affects the third-party component iTextPDF and stems from improper handling of filenames on the Ghostscript command line, which allows command injection. A remote, anonymous attacker can exploit this vulnerability to execute arbitrary code.
Risk Scores
EPSS Score: 3.47% (87.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Insurance Applications 12.6 | |
| Oracle | Oracle Fusion Middleware 14.1.1.0.0 | |
| Oracle | Oracle Fusion Middleware 9.1.0 | |
| Oracle | Oracle Insurance Applications 12.7 | |
| Oracle | Oracle Fusion Middleware 12.2.1.4.0 | |
| Oracle | Oracle Fusion Middleware 12.2.1.3.0 | |
Exploit Intelligence
- CIRCL seen: CVE-2021-43113 (circl-sighting)
- https://github.com/itext/itext7/releases/tag/7.1.17 (circl)
- https://pastebin.com/BXnkY9YY (circl)
- [debian-lts-announce] 20230118 [SECURITY] [DLA 3273-1] libitext5-java security update (circl)
- DSA-5323 (circl)
- https://github.com/itext/itextpdf/releases/tag/5.5.13.3 (circl)
Timeline
- CVE Published
- Dec 15, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 3, 2022 EPSS Score
- May 27, 2022 EPSS Score
- Sep 14, 2022 EPSS Score
- Nov 7, 2022 EPSS Score
- Dec 31, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 19, 2023 EPSS Score
- Jun 12, 2023 EPSS Score
- Sep 29, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1807.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1807 advisory
- https://www.oracle.com/security-alerts/cpujul2023.html#AppendixFMW advisory
- https://www.dell.com/support/kbdoc/000220669/dsa-2023-= advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0896.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0896 advisory
- https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixINSU advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1689.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1689 advisory
- https://www.dell.com/support/kbdoc/de-de/000227136/dsa-2024-053-security-update-for-data-protection-advisor-multiple-third-party-component-vulnerabilities advisory