Bitrix Site Manager before 21.0.100 Vote Module Remote Code Execution

A vulnerability classified as critical was found in Bitrix Site Manager. It affects an unknown function of the component Vote Module. Upgrading to version 21.0.100 addresses the problem.

| Field | 23/03/2022 06:30 | 25/03/2022 08:43 |
| --- | --- | --- |
| vendor | Bitrix | Bitrix |
| name | Site Manager | Site Manager |
| component | Vote Module | Vote Module |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| url | https://helpdesk.bitrix24.com/open/15536776/ | https://helpdesk.bitrix24.com/open/15536776/ |
| name | Upgrade | Upgrade |
| upgrade_version | 21.0.100 | 21.0.100 |
| cve | CVE-2022-27228 | CVE-2022-27228 |
| cve_assigned | 1647471600 (17/03/2022) | 1647471600 (17/03/2022) |
| date | 1647990000 (23/03/2022) | 1647990000 (23/03/2022) |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 6.5 | 6.5 |
| cvss3_vuldb_basescore | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.0 | 7.0 |
| cvss3_meta_basescore | 7.3 | 7.3 |
| cvss3_meta_tempscore | 7.0 | 7.0 |
| price_0day | $0-$5k | $0-$5k |
cve_nvd_summary: In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code.
