Remote Code Execution Vulnerability in FaviconService

Remote Code Execution Vulnerability in FaviconService

CVE-2021-27770 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.

Learn more about our Web App Pen Testing.