// For flags

CVE-2021-42336

Huachu Digital Technology Co.,Ltd. Easytest - Improper Authorization

Severity Score

4.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters.

La página del historial de aprendizaje de Easytest es vulnerable por una omisión de permisos. Después de obtener permisos de usuario, unos atacantes remotos pueden acceder a la información de la cuenta de otros usuarios y del administrador, excepto la contraseña, al diseñar parámetros de la URL

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-10-12 CVE Reserved
  • 2021-10-15 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-285: Improper Authorization
CAPEC
References (1)
URL Tag Source
https://www.twcert.org.tw/tw/cp-132-5205-1de5a-1.html Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Huaju
Search vendor "Huaju"
 Easytest Online Learning Test Platform
Search vendor "Huaju" for product "Easytest Online Learning Test Platform"
 1705
Search vendor "Huaju" for product "Easytest Online Learning Test Platform" and version "1705"
-
Affected