CVE-2021-32957

CWE-427 UNCONTROLLED SEARCH PATH ELEMENT:
A function is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking.

Risk Information

  • CVE ID
  • CVE-2021-32957
  • Vendor
  • MDT Software
  • Product
  • AutoSave
  • CVSS v3
  • 7.5