Abstract Advisory Information
This vulnerability allows an attacker to use TeamMate application attachments to trick authenticated users into downloading and executing malicious files.
Version affected
Vendor: Wolters Kluwer
Name: TeamMate Audit Solutions
Version: TeamMate AM 12.4 Update 1
Common Vulnerability Scoring System
4.4
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Patches
Unknown.
References
Vulnerability Disclosure Timeline
- 03/09/2021: Vulnerability discovery
- 15/09/2021: Vulnerability Report to CERT-XLM
- 17/09/2021: Vulnerability Report to Vendor: form sent to the TeamMate+ Audit team and via the website
- 08/10/2021: Attempted to report via email and by calling the UK and US phone numbers
- 08/10/2021: Got contact email from Twitter private contact
- 22/10/2021: Contacted TeamMate support
- 02/11/2021: Got acknowledgement from vendor’s Audit, Risk & Compliance technical support
- 04/11/2021: Vendor will evaluate the necessity to produce a patch. If a patch is released, customers will be informed through the release notes
- 19/11/2021: Requested CVE IDs from MITRE
- 19/11/2021: CVE ID assigned: CVE-2021-44035
- 13/12/2021: Expected Vulnerability disclosure