Original release date: December 27, 2021

CVE ID
CVE-2021-21750
CVE-2021-21751

CVSS 3.1 Base Score
CVE-2021-21750: 7.8 High (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVE-2021-21751: 6.5 Medium (AV:A/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:H)

Description
CVE-2021-21750: The ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.

CVE-2021-21751: The ZTE BigVideo Analysis product has an input verification vulnerability. Due to inconsistent front-end and back-end verification when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause a service exception.

Affected Products and Fixes
Product Name | Affected Version | Resolved Version |
ZXIN10 CMS | All versions up to ZXOMS-BIGDATA-IOPSWEBV3.01.01.04 | ZXOMS-BIGDATA-IOPSWEBV8.01.01.01 |

Source
The vulnerability was found by ZTE's internal testing.

Update Records
December 27, 2021, initial release

Version Update Method
Please contact ZTE Global Customer Support Center to obtain the upgraded version.

Global Customer Support Center
https://support.zte.com.cn/support/web/Contact.aspx?_langType=en

ZTE PSIRT
https://www.zte.com.cn/global/cybersecurity/ztepsirt.html