Search criteria
2 vulnerabilities by Softros Systems
CVE-2021-47890 (GCVE-0-2021-47890)
Vulnerability from cvelistv5 – Published: 2026-01-23 16:47 – Updated: 2026-01-23 19:17
VLAI?
Title
LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path
Summary
LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup.
Severity ?
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Softros Systems | LogonExpert |
Affected:
8.1
|
Credits
Victor Mondragón
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47890",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T19:17:46.289597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T19:17:52.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LogonExpert",
"vendor": "Softros Systems",
"versions": [
{
"status": "affected",
"version": "8.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor Mondrag\u00f3n"
}
],
"datePublic": "2021-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T16:47:36.072Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49586",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49586"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.softros.com/"
},
{
"name": "Software Download Link",
"tags": [
"product"
],
"url": "https://download.logonexpert.com/LogonExpertSetup64.msi"
},
{
"name": "VulnCheck Advisory: LogonExpert 8.1 - \u0027LogonExpertSvc\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/logonexpert-logonexpertsvc-unquoted-service-path"
}
],
"title": "LogonExpert 8.1 - \u0027LogonExpertSvc\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47890",
"datePublished": "2026-01-23T16:47:36.072Z",
"dateReserved": "2026-01-18T12:35:05.173Z",
"dateUpdated": "2026-01-23T19:17:52.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47889 (GCVE-0-2021-47889)
Vulnerability from cvelistv5 – Published: 2026-01-23 16:47 – Updated: 2026-01-23 19:18
VLAI?
Title
Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path
Summary
Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges.
Severity ?
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Softros Systems | LAN Messenger |
Affected:
9.6.4
|
Credits
Victor Mondragón
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47889",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T19:18:06.925341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T19:18:11.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LAN Messenger",
"vendor": "Softros Systems",
"versions": [
{
"status": "affected",
"version": "9.6.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor Mondrag\u00f3n"
}
],
"datePublic": "2021-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in \u0027C:\\Program Files (x86)\\Softros Systems\\Softros Messenger\\Spell Checker\\\u0027 to inject malicious executables and escalate privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T16:47:35.467Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49588",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49588"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.softros.com/"
},
{
"name": "VulnCheck Advisory: Softros LAN Messenger 9.6.4 - \u0027SoftrosSpellChecker\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/softros-lan-messenger-softrosspellchecker-unquoted-service-path"
}
],
"title": "Softros LAN Messenger 9.6.4 - \u0027SoftrosSpellChecker\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47889",
"datePublished": "2026-01-23T16:47:35.467Z",
"dateReserved": "2026-01-18T12:35:05.173Z",
"dateUpdated": "2026-01-23T19:18:11.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}