CVE-2021-39190

MEDIUM
Published Sep 22, 2022 (3y ago) · Modified Jun 17, 2026 (2w ago)
5.3 CVSS 3.1

Description

The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist.

CVSS Details

Base Score: 5.3
Exploitability: 3.9
Impact: 1.4
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)
CWE-862: Missing Authorization (Authorization)

Affected Products 1

Vendor | Product | Version | Range
teclib-edition | system_center_configuration_manager | * | <2.3.0

References 2

  • github.com https://github.com/pluginsGLPI/sccm/commit/29a7f92d32a0cf9aa3f22c52c50b738274d2813e
    Patch, Third Party Advisory
  • github.com https://github.com/pluginsGLPI/sccm/security/advisories/GHSA-3324-57w6-jxcq
    Third Party Advisory

Remediation

  • github.com https://github.com/pluginsGLPI/sccm/commit/29a7f92d32a0cf9aa3f22c52c50b738274d2813e
    Patch, Third Party Advisory