CVE

CVE-2021-3168

Vulnerable Software

Cordaware bestinformed <= Version 5.1.0.3

Vulnerability

A Unquoted service path in Cordaware bestinformed software allows a local attacker to potentially escalate privileges to system level.

Timeline

• 15.12.2020 Vendor informed via Email
• 17.12.2020 Sending additional information to Vendor
• 18.12.2020 Calling Vendor
• 11.01.2021 Still no reply
• 14.01.2021 Disclosure because of exceeding the 30-day deadline without any actions from the vendor