CVE-2021-44035 | Cyber Solutions By Thales

Abstract Advisory Information

This vulnerability allows an attacker to use the TeamMate application attachments to trick authenticated users to download and execute malicious files.

Version affected

Vendor: Wolters Kluwer

Name: TeamMate Audit Solutions

Version: TeamMate AM 12.4 Update 1

Common Vulnerability Scoring System

4.4

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Patches

Unknown

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44035

Vulnerability Disclosure Timeline

03/09/2021: Vulnerability discovery
15/09/2021: Vulnerability Report to CERT-XLM
17/09/2021: Vulnerability Report to Vendor: Form to the TeamMate+ Audit team + in the website
08/10/2021: Attempt to report via email + call UK and US phone number
08/10/2021: Got contact email from Twitter private contact
22/10/2021: Contacted the TeamMate’s support
02/11/2021: Got acknowledgement from vendor’s Audit, Risk & Compliance technical support.
04/11/2021: Vendor will evaluate the necessity to produce a patch. If a patch is release, customers will know it through release notes
19/11/2021: Request CVE IDs to Mitre
19/11/2021: CVE ID assigned: CVE-2021-44035
13/12/2021: Expected Vulnerability disclosure