CVE-2021-36982
HIGHAIMANAGER b107-b115 - OS Command Injection via HTTP Request Parameter
Title source: llmDescription
AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request.
References (3)
Core 3
Core References
Product, Vendor Advisory x_refsource_misc
https://www.monitorapp.com/waf/
Third Party Advisory x_refsource_misc
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0022/FEYE-2021-0022.md
Third Party Advisory x_refsource_confirm
https://github.com/monitorapp-aicc/report/wiki/CVE-2021-36982
Scores
CVSS v3
8.1
EPSS
0.0247
EPSS Percentile
82.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
monitorapp/application_insight_manager
b107 - b115
Published
Aug 12, 2021
Tracked Since
Feb 18, 2026