CVE Vulnerability

CVE-2021-44230

PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. In this scenario, the compromised account may have inherited read access to sensitive configuration, database, and log files.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://portswigger.net/burp/releases/enterprise-edition-2021-11?requestededition=enterprise Release Notes Vendor Advisory
Configurations

Configuration 1
Information

Published : 2021-11-30 07:15

Updated : 2021-12-01 08:36

NVD link : CVE-2021-44230

Mitre link : CVE-2021-44230

Products Affected
No products.
CWE
CWE-732