Vulnerability Details CVE-2021-40846
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP both to check for and to request updates. An attacker in a man-in-the-middle position can therefore cause a victim to download a malicious binary in place of the real update, with no SSL errors or warnings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.6
Products affected by CVE-2021-40846
- cpe:2.3:a:tradingpaints:trading_paints:-
- cpe:2.3:a:tradingpaints:trading_paints:2.0.36