Description
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ledgersmb | ledgersmb/ledgersmb | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DSA |
DSA-4962-1 | ledgersmb security update |
 EUVD |
EUVD-2021-26979 | LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. |
 Ubuntu USN |
USN-5097-1 | LedgerSMB vulnerabilities |
| Ubuntu USN |
USN-7647-1 | LedgerSMB vulnerabilities |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: @huntrdev
Published:
Updated: 2024-08-03T17:01:08.128Z
Reserved: 2021-08-09T00:00:00.000Z
Link: CVE-2021-3694
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-23T13:15:07.780
Modified: 2024-11-21T06:22:10.327
Link: CVE-2021-3694
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses