Vulnerability in Cordaware bestinformed

CVE

CVE-2021-3168

Vulnerable software

Cordaware bestinformed <= version 5.1.0.3

Vulnerability

An unquoted service path in Cordaware bestinformed software allows a local attacker to potentially escalate privileges to SYSTEM level.
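A defensive check for the condition described above, as an added example that is not part of the advisory or the vendor's code: this PowerShell flags Windows services whose executable path contains a space but is not wrapped in quotes. The function name and the sample paths are constructed for illustration; the advisory does not name the affected service or its install path.

```powershell
# Added example (not from the advisory): audit services for unquoted image paths.
# Test-UnquotedServicePath is a hypothetical helper name.
function Test-UnquotedServicePath {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$PathName
    )

    $p = $PathName.Trim()

    # Empty value or a path that already starts with a quote is not affected.
    if ($p -eq '' -or $p.StartsWith('"')) { return $false }

    # Treat the shortest prefix ending in ".exe" as the executable path;
    # everything after it is arguments. Non-.exe images are out of scope here.
    if ($p -notmatch '^(.+?\.exe)(\s|$)') { return $false }

    # Unquoted and a space inside the executable path: the condition in question.
    return $Matches[1].Contains(' ')
}

# Constructed sample values, not taken from the advisory.
$samples = @(
    'C:\Program Files\Example Vendor\Example Service\svc.exe -run',    # unquoted, spaces in directory names
    '"C:\Program Files\Example Vendor\Example Service\svc.exe" -run',  # same path, quoted
    'C:\Windows\System32\svchost.exe -k netsvcs'                       # unquoted, no space in the executable path
)
$samples | ForEach-Object {
    [pscustomobject]@{ PathName = $_; Unquoted = Test-UnquotedServicePath $_ }
}

# Audit of the local host: list every service with an affected path,
# including the account it runs as and how it starts.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
    Select-Object Name, StartName, StartMode, PathName
```

For any service the audit lists, the mitigation is to enclose the executable path in double quotes in that service's `ImagePath` value and to confirm that non-administrative users cannot write to the directories along the path.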

Timeline

  • 15.12.2020 Vendor informed via email
  • 17.12.2020 Sending additional information to Vendor
  • 18.12.2020 Calling Vendor
  • 11.01.2021 Still no reply
  • 14.01.2021 Disclosure because of exceeding the 30-day deadline without any actions from the vendor