CVE-2021-44216

🔶 medium

Summary

Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files.

CVSS Score

5.5

Medium

EPSS Score

0.1

Exploit Probability

Published Date

2022-03-10

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.5% of all 328,009 vulnerabilities in our database.

#221,257

Below average severity

Severity Percentile

Last Modified 2024-11-21

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE IDs (Weakness Types)

CWE-276

📦 Affected Products 2

Vendor	Product	Status	Affected Versions
northern.tech	cfengine	Affected	< 3.15.5
northern.tech	cfengine	Affected	≥ 3.18.0 < 3.18.1

🔗 References 2

https://cfengine.com/blog/2022/cve-2021-44215-and-cv...

Exploit Vendor Advisory

https://northern.tech

Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-24710	🔶 medium	6.1	0.0	Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.	2026-05-14
CVE-2026-24711	🔶 medium	5.3	0.0	Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.	2026-05-14
CVE-2026-24712	⚠️ high	7.3	0.4	Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.	2026-05-14
CVE-2023-45684	⚠️ high	7.5	0.6	Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earl...	2023-11-14
CVE-2023-26560	🔶 medium	6.5	0.3	Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports...	2023-04-26
CVE-2021-44215	🔶 medium	5.5	0.1	Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users ...	2022-03-10

These CVEs affect the same products