Aqua Vulnerability Database
Get Demo
Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities
CVE-2021-43890
Published:
Dec 15, 2021
| Modified:
Dec 30, 2023
CVSS 3.x
7.1
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVD
https://nvd.nist.gov/vuln/detail/CVE-2021-43890
CWE
https://cwe.mitre.org/data/definitions/.html
Affected Software
Name
Vendor
Start Version
End Version
App_installer
Microsoft
*
*
References
https://github.com/ChrisTitusTech/winutil/pull/26
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43890
https://thehackernews.com/2023/12/microsoft-disables-msix-app-installer.html
https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-msix-protocol-handler-abused-in-malware-attacks/
https://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Aqua Container Security