CVE-2021-44035

by Excellium SA

Abstract Advisory Information

This vulnerability allows an attacker to use TeamMate application attachments to trick authenticated users into downloading and executing malicious files.

 

Version affected

Vendor: Wolters Kluwer

Name: TeamMate Audit Solutions

Version: TeamMate AM 12.4 Update 1

 

Common Vulnerability Scoring System

4.4

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

 

Patches

Unknown.

 

References

 

Vulnerability Disclosure Timeline

  • 03/09/2021: Vulnerability discovery
  • 15/09/2021: Vulnerability Report to CERT-XLM
  • 17/09/2021: Vulnerability Report to Vendor: form to the TeamMate+ Audit team + on the website
  • 08/10/2021: Attempt to report via email + call UK and US phone number
  • 08/10/2021: Got contact email from Twitter private contact
  • 22/10/2021: Contacted TeamMate’s support
  • 02/11/2021: Got acknowledgement from vendor’s Audit, Risk & Compliance technical support.
  • 04/11/2021: Vendor will evaluate the necessity to produce a patch. If a patch is released, customers will learn of it through the release notes
  • 19/11/2021: Request CVE IDs to Mitre
  • 19/11/2021: CVE ID assigned: CVE-2021-44035
  • 13/12/2021: Expected Vulnerability disclosure
