CVE-2021-4326

LOW 3.3

Imperative Local Command Injection allows Activity Masking

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI.

Vendor	open mainframe project
Product	zowe
Published	Feb 22, 2023
Last Updated	Aug 3, 2024

Stay Ahead of the Next One

Get instant alerts for open mainframe project zowe

Be the first to know when new low vulnerabilities affecting open mainframe project zowe are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C/CR:L/IR:X/AR:X/MAV:L/MAC:L/MPR:L/MUI:N/MS:U/MC:L/MI:X/MA:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected Versions

Open Mainframe Project / Zowe

1.16.0 < 1.28.2 2.0.0 < 2.5.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/zowe/imperative/

Credits

Andrew Harn SonarCloud