CVE-2021-22038

EPSS 0.67% · P71 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-22038

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

InstallBuilder安全特征问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Vmware InstallBuilder是美国威睿（Vmware）公司的一款多平台安装程序开发和自动更新工具。 InstallBuilder 存在安全漏洞，该漏洞源于在某些情况下在InstallBuilder Windows版本上，卸载程序二进制文件将自己复制到一个固定的临时位置，然后执行该位置。这个临时位置不是随机的，也不限制只对管理员的访问，因此潜在的攻击者可利用该漏洞在调用软件之前植入一个二进制文件来替换复制的二进制文件，从而获得管理员权限。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	VMware InstallBuilder	All InstallBuilder versions prior to version 21.6.0	-

II. Public POCs for CVE-2021-22038

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-22038

请登录查看更多情报信息。

Same Patch Batch · n/a · 2021-10-29 · 19 CVEs total

CVE-2021-41676		Pharmacy Point Of Sale System SQL注入漏洞
CVE-2020-25881		RKCMS 路径遍历漏洞
CVE-2020-25873		baijiacms 路径遍历漏洞
CVE-2020-25872		FrogCms 路径遍历漏洞
CVE-2021-41746		Yonyou TurboCrm SQL注入漏洞
CVE-2021-41646		Online Reviewer System 代码问题漏洞
CVE-2021-41645		Sourcecodester Budget and Expense Tracker System 代码问题漏洞
CVE-2021-41644		Online Reviewer System 代码问题漏洞
CVE-2021-41643		Online Reviewer System 代码问题漏洞
CVE-2020-22079		Tenda AC-10U 缓冲区错误漏洞
CVE-2021-41675		Sourcecodester E-Negosyo System 代码问题漏洞
CVE-2021-41674		Pharmacy Point Of Sale System SQL注入漏洞
CVE-2021-3441		Hp OfficeJet 7110 Wide Format Eprinter 跨站脚本漏洞
CVE-2021-3662		HP LaserJet Enterprise 跨站脚本漏洞
CVE-2021-22037		InstallBuilder代码问题漏洞
CVE-2021-31862		Sysaid Technologies SysAid 跨站脚本漏洞
CVE-2021-31627		Tenda AC9 安全漏洞
CVE-2021-31624		Tenda AC9 安全漏洞

IV. Related Vulnerabilities

Same product: VMware InstallBuilder

Same vendor: n/a

V. Comments for CVE-2021-22038

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-22038

I. Basic Information for CVE-2021-22038

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-22038

III. Intelligence Information for CVE-2021-22038

Same Patch Batch · n/a · 2021-10-29 · 19 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-22038

Leave a comment