How severe is CVE-2021-40904?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-40904?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2021-40904

HIGH Year: 2021

CVSS v3 Score

8.8

High

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-276

View all →

Vulnerability Description

The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator.

CVE-2006-5014

HIGH

CVSS:8.8(High)

Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.

CWE-2762006

CVE-2012-4434

HIGH

CVSS:8.8(High)

fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code.

CWE-2762012

CVE-2014-2721

HIGH

CVSS:8.8(High)

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The...

CWE-2762014