Aggregates CVE and security vulnerability intelligence across all auvesy-mdt-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection and vendor risk path handling, with potential vendor impact data exposure and vendor impact file overwrite across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-32961 | A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities. | [email protected] | 7.5 | 1.18% | 2022-04-01 | 2026-06-16 |
| CVE-2021-32957 | A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking. | [email protected] | 7.5 | 0.86% | 2022-04-01 | 2026-06-16 |
| CVE-2021-32953 | An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login. | [email protected] | 9.8 | 1.17% | 2022-04-01 | 2026-06-16 |
| CVE-2021-32949 | An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file. | [email protected] | 7.5 | 1.05% | 2022-04-01 | 2026-06-16 |
| CVE-2021-32945 | An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06. | [email protected] | 7.5 | 0.38% | 2022-04-01 | 2026-06-16 |
| CVE-2021-32937 | An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated. | [email protected] | 7.5 | 1.00% | 2022-04-01 | 2026-06-16 |
| CVE-2021-32933 | An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process. | [email protected] | 10.0 | 1.17% | 2022-04-01 | 2026-06-16 |