Cyber Resilience

CVE-2021-22000

HighPublic PoC

Published: 13 July 2021

Published
13 July 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0015 35.1th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-22000 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Vmware Thinapp. Its CVSS base score is 7.8 (High).

Operationally, ranked at the 35.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on the Windows operating system having…

more

VMware ThinApp installed on it.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

vmware
thinapp
5.2 — 5.2.10

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References