Skip to main content

Control Center CVE-2021-33408

MEDIUM
Cleartext Transmission of Sensitive Information (CWE-319)
2021-05-27 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 27, 2021 - 22:15 nvd
MEDIUM 6.5

DescriptionNVD

Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1.

AnalysisAI

Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-319. Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1. Affected products include: Abinitio Control\>Center. Version information: before 4.0.2.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-5616 MEDIUM POC
4.9 Apr 15

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use s

CVE-2022-21229 HIGH
7.8 Aug 18

Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an aut

CVE-2025-7883 HIGH
7.1 Jul 20

Command injection in Eluktronics Control Center 5.23.51.41 allows local authenticated users to execute arbitrary PowerSh

CVE-2022-26669 MEDIUM
6.5 Jun 20

ASUS Control Center is vulnerable to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp

CVE-2022-26668 MEDIUM
6.5 Jun 20

ASUS Control Center API has a broken access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability

CVE-2021-20528 MEDIUM
5.4 May 19

IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability i

CVE-2023-43052 MEDIUM
5.3 Mar 07

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper valid

CVE-2021-20529 MEDIUM
5.3 May 19

IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further atta

CVE-2016-0252 MEDIUM
5.1 Jul 08

IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users t

CVE-2025-7884 LOW
1.9 Jul 20

Eluktronics Control Center 5.23.51.41 permits local authenticated users to bypass data authenticity verification in the

CVE-2024-35114 MEDIUM
5.3 Jan 25

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy

CVE-2024-35113 MEDIUM
4.3 Jan 25

IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a d

Share

CVE-2021-33408 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy