CVE-2021- 44035

CVE-2021- 44035

by mathildeexlm

Abstract Advisory Information

This vulnerability allows an attacker to use the TeamMate application attachments to trick authenticated users to download and execute malicious files.

 

Version affected

Vendor: Wolters Kluwer

Name: TeamMate Audit Solutions

Version: TeamMate AM 12.4 Update 1

 

Common Vulnerability Scoring System

4.4

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

 

Patches

Unknown.

 

References

 

Vulnerability Disclosure Timeline

  • 03/09/2021: Vulnerability discovery
  • 15/09/2021: Vulnerability Report to CERT-XLM
  • 17/09/2021: Vulnerability Report to Vendor: Form to the TeamMate+ Audit team + in the website
  • 08/10/2021: Attempt to report via email + call UK and US phone number
  • 08/10/2021: Got contact email from Twitter private contact
  • 22/10/2021: Contacted the TeamMate’s support
  • 02/11/2021: Got acknowledgement from vendor’s Audit, Risk & Compliance technical support.
  • 04/11/2021: Vendor will evaluate the necessity to produce a patch. If a patch is release, customers will know it through release notes
  • 19/11/2021: Request CVE IDs to Mitre
  • 19/11/2021: CVE ID assigned: CVE-2021-44035
  • 13/12/2021: Expected Vulnerability disclosure

Find more vulnerabilities in our Security Advisory section.

Top