Home

CVE-2021-20784

Description

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.452

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-20784 are affected in Everything (MSI) (x64) 1.0Windows
Vulnerabilities CVE-2021-20784 are affected in Everything (MSI) (x64) 1.1.4.301Windows
Vulnerabilities CVE-2021-20784 are affected in Everything (MSI) (x64) 1.2.1.451aWindows
Vulnerabilities CVE-2021-20784 are affected in Everything (MSI) (x64) 1.4.1.991Windows
Vulnerabilities CVE-2021-20784 are affected in Everything (MSI) 1.0Windows
Vulnerabilities CVE-2021-20784 are affected in Everything (MSI) 1.1.4.301Windows
Vulnerabilities CVE-2021-20784 are affected in Everything (MSI) 1.2.1.451aWindows
Vulnerabilities CVE-2021-20784 are affected in Everything (MSI) 1.4.1.991Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-349268Everything (MSI) (x64) (1.4.1.1028)
PATCH-349268Everything (MSI) (x64) (1.4.1.1028)
PATCH-349268Everything (MSI) (x64) (1.4.1.1028)
PATCH-349267Everything (MSI) (1.4.1.1028)
PATCH-349267Everything (MSI) (1.4.1.1028)
PATCH-349267Everything (MSI) (1.4.1.1028)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234