An analysis of CVE-2021-37213, an Insecure Direct Object Reference (IDOR) vulnerability in Larvata Digital Technology Co. Ltd.'s FLYGO application, covering its impact, affected versions, and mitigation steps.
Understanding CVE-2021-37213
This CVE involves an Insecure Direct Object Reference (IDOR) vulnerability in the check-in record page of Larvata Digital Technology Co. Ltd.'s FLYGO application.
What is CVE-2021-37213?
The check-in record page of FLYGO contains an IDOR vulnerability, enabling remote attackers to manipulate specific parameters to access an employee's check-in record.
The Impact of CVE-2021-37213
The vulnerability has a CVSS base score of 4.3 (MEDIUM), with low confidentiality impact and no availability impact. Exploitation requires only low privileges.
Technical Details of CVE-2021-37213
This section delves into the specifics of the vulnerability in FLYGO.
Vulnerability Description
The IDOR vulnerability in FLYGO allows authenticated attackers to access specific employee check-in records by manipulating employee IDs and dates.
Affected Systems and Versions
FLYGO versions up to and including 2021.4e are affected by this vulnerability.
Exploitation Mechanism
Remote attackers, authenticated as general users, can exploit this vulnerability by tampering with employee ID and date parameters.
Mitigation and Prevention
Learn about measures to mitigate and prevent exploitation of CVE-2021-37213.
Immediate Steps to Take
Update FLYGO to version 1.91.1 to remediate this vulnerability.
Long-Term Security Practices
Follow secure coding practices that prevent IDOR vulnerabilities, and validate user input.
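As an added example (not FLYGO's code, which this page does not show), the sketch below puts a check-in lookup that trusts the employee ID and date parameters beside one that validates the date and checks object-level authorization against the server-side session. All names, the sample records and the "own records plus direct reports" policy are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample data: (employee_id, ISO date) -> check-in time.
CHECKINS = {
    ("E1001", "2021-07-01"): "08:57",
    ("E1002", "2021-07-01"): "09:12",
}
# Constructed reporting lines: manager id -> employees they may review.
REPORTS = {"E1002": {"E1001"}}


@dataclass(frozen=True)
class Session:
    """Identity set by the server at login, never read from the request."""
    employee_id: str


class RequestRejected(Exception):
    """Raised when a request fails validation or authorization."""


def get_checkin_vulnerable(session, employee_id, day):
    # IDOR pattern: any logged-in user receives whichever record the
    # request parameters name; the session is never consulted.
    return CHECKINS.get((employee_id, day))


def may_read(session, employee_id):
    # Policy assumed for this example: own records, plus direct reports.
    return (employee_id == session.employee_id
            or employee_id in REPORTS.get(session.employee_id, set()))


def get_checkin_hardened(session, employee_id, day):
    # Input validation: accept only a real calendar date, normalized to ISO.
    try:
        day = date.fromisoformat(day).isoformat()
    except (TypeError, ValueError):
        raise RequestRejected("invalid date") from None
    # Object-level authorization, enforced on every request before lookup.
    if not may_read(session, employee_id):
        raise RequestRejected("not authorized for this employee's records")
    return CHECKINS.get((employee_id, day))
```

Input validation alone would not stop the first function's flaw, because a well-formed employee ID and date belonging to someone else pass validation; the authorization check is what closes it.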
Patching and Updates
Regularly apply software patches and updates to stay protected from emerging security threats.