Vulnerabilities in StealthINTERCEPT
Executive Summary
Vulnerabilities were discovered in current and past versions of StealthINTERCEPT. Stealthbits is unaware of any evidence of active exploitation of any of these vulnerabilities, or that the details of any these vulnerabilities are known publicly.
Acknowledgements
We thank Ron Lifinski and Pavel Jirout for their effort and partnership in improving the security of our products.
Vulnerability
| Identifier |
Product |
Affected Versions |
Description |
|
CVE-2021-43965
|
StealthINTERCEPT Enterprise Manager
|
<7.3.5
|
Administrative functions in StealthINTERCEPT Enterprise Manager may be remotely accessed by an unauthenticated attacker.
|
|
CVE-2021-43967
|
StealthINTERCEPT Enterprise Manager
|
<7.3.5
|
Use of client-side authorization in StealthINTERCEPT Enterprise Manager may allow an unprivileged remote attacker to escalate privileges.
|
|
CVE-2021-43964
|
StealthINTERCEPT Enterprise Manager
|
<7.3.5
|
A remote code execution vulnerability in StealthINTERCEPT Enterprise Manager may allow an attacker to execute arbitrary code on the StealthINTERCEPT Enterprise Manager.
|
|
CVE-2021-43968
|
StealthINTERCEPT Enterprise Manager
|
<7.3.5
|
A remote code execution vulnerability in StealthINTERCEPT Enterprise Manager may allow an attacker to execute arbitrary code on managed systems when the Auto Deploy feature is enabled.
|
|
CVE-2021-43966
|
StealthINTERCEPT Enterprise Manager
|
<7.3.5
|
A remote privilege escalation vulnerability in StealthINTERCEPT Enterprise Manager may allow an attacker to compromise stored credentials.
|
Additional Resources
Stealthbits customers should review the security advisory published in the Stealthbits knowledge base.
