Home > Vulnerability Database > CVE-2021-35938

Mend Vulnerability Database

CVE-2021-35938

Good to know:

Date: June 30, 2021

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity Score

6.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-35938

Url: https://access.redhat.com/security/cve/CVE-2021-35938

Url: https://security-tracker.debian.org/tracker/CVE-2021-35938

Severity Score

6.5

Top Fix

Upgrade Version

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend Vulnerability Database

We found results for “”

CVE-2021-35938

Good to know:

Date: June 30, 2021

Severity Score

Related Resources (3)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?