CVE-2021-47688
BaseFortify
Publication date: 2025-06-23
Last updated on: 2025-06-23
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-696 | The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in WhiteBeam versions 0.2.0 through 0.2.1 allows a local user on a server to bypass the whitelist functionality. The issue arises because a file can be truncated during the OpenFileDescriptor action before the VerifyCanWrite action is performed. This means an attacker with local access and sufficient Linux privileges can circumvent the whitelist by exploiting the fopen/fopen64/truncate hooks, enabling arbitrary file truncation, including critical WhiteBeam startup files. [2]
How can this vulnerability impact me? :
The impact of this vulnerability is that a local attacker can bypass the whitelist restrictions intended to control which programs or files can be accessed or modified. This can lead to arbitrary truncation of files, including critical startup files of WhiteBeam, potentially causing denial of service or enabling further local privilege escalation or code execution attacks. The CVSS score of 5.7 indicates a moderate severity with impacts on integrity and availability. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade WhiteBeam to version 0.2.2 or later, where the issue has been patched. No workarounds are available. [2]