Vulnerabilities > Unit4 > MIK Starlight

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-36231 Deserialization of Untrusted Data vulnerability in Unit4 Mik.Starlight 7.9.5.24363
Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.
network
low complexity
unit4 CWE-502
8.8
2021-08-31 CVE-2021-36232 Missing Authorization vulnerability in Unit4 Mik.Starlight 7.9.5.24363
Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.
network
low complexity
unit4 CWE-862
8.8
2021-08-31 CVE-2021-36233 Files or Directories Accessible to External Parties vulnerability in Unit4 Mik.Starlight 7.9.5.24363
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.
network
low complexity
unit4 CWE-552
6.5
2021-08-31 CVE-2021-36234 Use of Hard-coded Credentials vulnerability in Unit4 Mik.Starlight 7.9.5.24363
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.
local
low complexity
unit4 CWE-798
5.5