U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2021-31771

Change History

CVE Modified by MITRE 1/18/2022 2:15:09 PM

Action Type Old Value New Value
Changed Description
** DISPUTED ** Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service 'WindowsScheduler' calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as "nt authority\system") since the service runs as Local System. NOTE: the vendor states that the exploit-db.com and packetstormsecurity.com references (provided by a third party) were deleted once the vendor "proved that he had made a mistake."
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Removed Reference
http://splinterware.com [Vendor Advisory]

Removed Reference
https://packetstormsecurity.com/files/162540/Splinterware-System-Scheduler-Professional-5.30-Privilege-Escalation.html [Exploit, Third Party Advisory, VDB Entry]

Removed Reference
https://www.exploit-db.com/exploits/49858 [Exploit, Third Party Advisory, VDB Entry]