Remote Code Execution Vulnerability in Cyclos 4 PRO 4.14.7 and Earlier

Remote Code Execution Vulnerability in Cyclos 4 PRO 4.14.7 and Earlier

CVE-2021-31674 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.

Learn more about our User Device Pen Test.