Vulnerability in Cordaware bestinformed

CVE

CVE-2021-3168

Vulnerable Software

Cordaware bestinformed <= Version 5.1.0.3

Vulnerability

An unquoted service path in the Cordaware bestinformed software allows a local attacker to potentially escalate privileges to system level.
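
A defender-side check for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it flags services whose executable path contains spaces but is not quoted, and prints the quoted form. The function name `Test-ServicePath` and the sample service entries are constructed for illustration; the advisory does not name the affected service or its path.

```powershell
# Added example: flag Windows services whose executable path contains spaces
# but is not quoted. Sample entries below are constructed, not from the advisory.

function Test-ServicePath {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$PathName
    )
    $p = $PathName.Trim()
    # Split "<executable> <arguments>" at the first ".exe"; spaces in the
    # arguments are harmless, only spaces inside the executable path matter.
    $m = [regex]::Match($p, '^(?<exe>.*?\.exe)(?<args>\s.*)?$', 'IgnoreCase')
    $exe  = if ($m.Success) { $m.Groups['exe'].Value }  else { $p }
    $rest = if ($m.Success) { $m.Groups['args'].Value } else { '' }
    $unquoted = (-not $p.StartsWith('"')) -and $exe.Contains(' ')
    [pscustomobject]@{
        Name      = $Name
        PathName  = $p
        Unquoted  = $unquoted
        Suggested = if ($unquoted) { '"{0}"{1}' -f $exe, $rest } else { $null }
    }
}

# Constructed sample data (hypothetical service names and paths).
$sample = @(
    [pscustomobject]@{ Name = 'ExampleAgent';   PathName = 'C:\Program Files\Example Vendor\agent.exe -service' }
    [pscustomobject]@{ Name = 'ExampleQuoted';  PathName = '"C:\Program Files\Example Vendor\agent.exe" -service' }
    [pscustomobject]@{ Name = 'ExampleNoSpace'; PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)

# On a Windows host, audit the real service list; elsewhere fall back to the sample.
$services = if ($env:OS -eq 'Windows_NT') {
    Get-CimInstance -ClassName Win32_Service | Where-Object { $_.PathName }
} else { $sample }

$services | ForEach-Object { Test-ServicePath -Name $_.Name -PathName $_.PathName } |
    Where-Object Unquoted | Format-Table Name, PathName, Suggested -AutoSize -Wrap
```

Of the three sample entries only `ExampleAgent` is reported; the `Suggested` column shows the value the service's image path should carry once it is quoted.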

Timeline

  • 15.12.2020 Vendor informed via email
  • 17.12.2020 Sending additional information to vendor
  • 18.12.2020 Calling vendor
  • 11.01.2021 Still no reply
  • 14.01.2021 Disclosure because of exceeding the 30-day deadline without any actions from the vendor