Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for Sentinel Protection Installer by Thales
CVE-2021-42809 (GCVE-0-2021-42809)
Vulnerability from nvd – Published: 2021-12-20 20:19 – Updated: 2024-08-04 03:38
VLAI
EPSS
VEX
Title
The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library
Summary
Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.
Severity
6.5 (Medium)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cpl.thalesgroup.com/fr/software-monetizat… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Thales | Sentinel Protection Installer |
Affected:
7.7.0 , ≤ 7.7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Sentinel Protection Installer",
"vendor": "Thales",
"versions": [
{
"lessThanOrEqual": "7.7.0",
"status": "affected",
"version": "7.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Intel Corp"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:19:09.000Z",
"orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"shortName": "THA-PSIRT"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@thalesgroup.com",
"ID": "CVE-2021-42809",
"STATE": "PUBLIC",
"TITLE": "The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sentinel Protection Installer",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_name": "7.7.0",
"version_value": "7.7.0"
}
]
}
}
]
},
"vendor_name": "Thales"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Intel Corp"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates",
"refsource": "MISC",
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"assignerShortName": "THA-PSIRT",
"cveId": "CVE-2021-42809",
"datePublished": "2021-12-20T20:19:09.000Z",
"dateReserved": "2021-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42808 (GCVE-0-2021-42808)
Vulnerability from nvd – Published: 2021-12-20 20:19 – Updated: 2024-08-04 03:38
VLAI
EPSS
VEX
Title
The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions.
Summary
Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.
Severity
6.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cpl.thalesgroup.com/fr/software-monetizat… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Thales | Sentinel Protection Installer |
Affected:
7.7.0 , ≤ 7.7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Sentinel Protection Installer",
"vendor": "Thales",
"versions": [
{
"lessThanOrEqual": "7.7.0",
"status": "affected",
"version": "7.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Intel Corp"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:19:10.000Z",
"orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"shortName": "THA-PSIRT"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions.",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@thalesgroup.com",
"ID": "CVE-2021-42808",
"STATE": "PUBLIC",
"TITLE": "The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sentinel Protection Installer",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_name": "7.7.0",
"version_value": "7.7.0"
}
]
}
}
]
},
"vendor_name": "Thales"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Intel Corp"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates",
"refsource": "MISC",
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"assignerShortName": "THA-PSIRT",
"cveId": "CVE-2021-42808",
"datePublished": "2021-12-20T20:19:10.000Z",
"dateReserved": "2021-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42808 (GCVE-0-2021-42808)
Vulnerability from cvelistv5 – Published: 2021-12-20 20:19 – Updated: 2024-08-04 03:38
VLAI
EPSS
VEX
Title
The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions.
Summary
Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.
Severity
6.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cpl.thalesgroup.com/fr/software-monetizat… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Thales | Sentinel Protection Installer |
Affected:
7.7.0 , ≤ 7.7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Sentinel Protection Installer",
"vendor": "Thales",
"versions": [
{
"lessThanOrEqual": "7.7.0",
"status": "affected",
"version": "7.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Intel Corp"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:19:10.000Z",
"orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"shortName": "THA-PSIRT"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions.",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@thalesgroup.com",
"ID": "CVE-2021-42808",
"STATE": "PUBLIC",
"TITLE": "The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sentinel Protection Installer",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_name": "7.7.0",
"version_value": "7.7.0"
}
]
}
}
]
},
"vendor_name": "Thales"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Intel Corp"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates",
"refsource": "MISC",
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"assignerShortName": "THA-PSIRT",
"cveId": "CVE-2021-42808",
"datePublished": "2021-12-20T20:19:10.000Z",
"dateReserved": "2021-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42809 (GCVE-0-2021-42809)
Vulnerability from cvelistv5 – Published: 2021-12-20 20:19 – Updated: 2024-08-04 03:38
VLAI
EPSS
VEX
Title
The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library
Summary
Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.
Severity
6.5 (Medium)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cpl.thalesgroup.com/fr/software-monetizat… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Thales | Sentinel Protection Installer |
Affected:
7.7.0 , ≤ 7.7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Sentinel Protection Installer",
"vendor": "Thales",
"versions": [
{
"lessThanOrEqual": "7.7.0",
"status": "affected",
"version": "7.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Intel Corp"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:19:09.000Z",
"orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"shortName": "THA-PSIRT"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@thalesgroup.com",
"ID": "CVE-2021-42809",
"STATE": "PUBLIC",
"TITLE": "The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sentinel Protection Installer",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_name": "7.7.0",
"version_value": "7.7.0"
}
]
}
}
]
},
"vendor_name": "Thales"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Intel Corp"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates",
"refsource": "MISC",
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"assignerShortName": "THA-PSIRT",
"cveId": "CVE-2021-42809",
"datePublished": "2021-12-20T20:19:09.000Z",
"dateReserved": "2021-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}