CVE-2021-4326
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C/CR:L/IR:X/AR:X/MAV:L/MAC:L/MPR:L/MUI:N/MS:U/MC:L/MI:X/MA:X
Summary
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Open Mainframe Project | Zowe | 1.16.0 < 1.28.2 | affected |
| Open Mainframe Project | Zowe | 2.0.0 < 2.5.0 | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.