CVE-2021-41382
CVE-2021-41382
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 8.9%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
21 Sep 2021Published on NVD
18 Oct 2021Public PoC
Weaponization speed
26 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/164531/Plastic-SCM-10.0.16.5622-Insecure-Direct-Object-Reference.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50426unverifiedcve_referencepacketstormsecurity.com/files/164531/Plastic-SCM-10.0.16.5622-Improper-Access-Control.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.