Unquoted Search Path or Element

CVE-2021-29218

Medium

6.7/10

Summary

A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-428 - Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References

Advisory Timeline

Published Feb 04, 2022

Unquoted Search Path or Element

CVE-2021-29218

Summary

CWE-428 - Unquoted Search Path or Element

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS