How severe is CVE-2021-41037?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2021-41037?

This is classified as CWE-829, which is a common weakness in software security.

CVE-2021-41037

HIGH Year: 2021

CVSS v3 Score

8.0

High

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-829

View all →

Vulnerability Description

In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command-line used to start the application, injecting things like agent or other settings that usually require particular attention in term of security. Although p2 has built-in strategies to ensure artifacts are signed and then to help establish trust, there is no such strategy for the metadata part that does configure such touchpoints. As a result, it's possible to install a unit that will run malicious code during installation without user receiving any warning about this installation step being risky when coming from untrusted source.

CVE-2022-30244

HIGH

CVSS:8.0(High)

Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verif...

CWE-8292022

CVE-2024-43690

HIGH

CVSS:8.0(High)

Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Comman...

CWE-8292024

CVE-2017-6381

HIGH

CVSS:8.1(High)

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, an...

CWE-8292017

CVE-2019-10666

HIGH

CVSS:8.1(High)

An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling bas...

CWE-8292019

CVE-2019-11770

HIGH

CVSS:8.1(High)

In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciousl...

CWE-8292019

CVE-2020-24985

HIGH

CVSS:8.1(High)

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retriev...

CWE-8292020

CVE-2021-41037

Vulnerability Description

Related Vulnerabilities

CVE-2022-30244

CVE-2024-43690

CVE-2017-6381

CVE-2019-10666

CVE-2019-11770

CVE-2020-24985