Active Debug Code

CVE-2021-23861

Medium

6.5/10

Summary

By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-489 - Active Debug Code

The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

References

Advisory Timeline

Published Dec 08, 2021

Active Debug Code

CVE-2021-23861

Summary

CWE-489 - Active Debug Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS