ICSA-21-308-01 · Published 2021-11-04 · View on CISA ICS-CERT ↗

VISAM VBASE Editor

CVSS 7.4 HIGH CISA KEV — Known Exploited

Risk Summary

Successful exploitation of these vulnerabilities may allow un-neutralized user-controllable data input, disclosure of local files, access to NTLM (Windows New Technology LAN Manager) hashes, and access to sensitive files.

CVEs (9)

CVE-2021-38417 CVE-2021-42535 CVE-2021-42537 CVE-2021-34803 CVE-2020-13699 CVE-2019-18988 CVE-2018-16550 CVE-2018-14333 CVE-2005-2475

Remediations

VISAM recommends users update to VBASE v11.7.0.2 or later. Users may obtain a download link by submitting a request form.
For more information, please contact VISAM using the information provided on the company contact page.

Affected Vendors

VISAM

Affected Products (1)

VISAM · VBASE Pro-RT/ Server-RT (Web Remote) 11.6.0.6

Affected Sectors

Multiple Sectors

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more