cvelist/2021/42xxx/CVE-2021-42331.json

{
    "CVE_data_meta": {
        "AKA": "TWCERT/CC",
        "ASSIGNER": "cve@cert.org.tw",
        "DATE_PUBLIC": "2021-10-15T11:38:00.000Z",
        "ID": "CVE-2021-42331",
        "STATE": "PUBLIC",
        "TITLE": "ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-2"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "ShinHer StudyOnline System",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "2021"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "ShinHer Information Co., LTD."
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The \u201cStudy Edit\u201d function of ShinHer StudyOnline System does not perform permission control. After logging in with user\u2019s privilege, remote attackers can access and edit other users\u2019 tutorial schedule by crafting URL parameters."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-285 Improper Authorization"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://www.twcert.org.tw/tw/cp-132-5201-dc534-1.html",
                "name": "https://www.twcert.org.tw/tw/cp-132-5201-dc534-1.html"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "Update ShinHer StudyOnline System to version v2021.08.20.01"
        }
    ],
    "source": {
        "advisory": "TVN-202110003",
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2021-10-12 21:00:58 +00:00			`{`
			`"CVE_data_meta": {`
Add TWCERT/CC CVE-2021-42329 CVE-2021-42330 CVE-2021-42331 CVE-2021-42332 CVE-2021-42333 CVE-2021-42334 CVE-2021-42335 CVE-2021-42336 2021-10-15 20:04:25 +08:00			`"AKA": "TWCERT/CC",`
			`"ASSIGNER": "cve@cert.org.tw",`
			`"DATE_PUBLIC": "2021-10-15T11:38:00.000Z",`
"-Synchronized-Data." 2021-10-12 21:00:58 +00:00			`"ID": "CVE-2021-42331",`
Add TWCERT/CC CVE-2021-42329 CVE-2021-42330 CVE-2021-42331 CVE-2021-42332 CVE-2021-42333 CVE-2021-42334 CVE-2021-42335 CVE-2021-42336 2021-10-15 20:04:25 +08:00			`"STATE": "PUBLIC",`
			`"TITLE": "ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-2"`
"-Synchronized-Data." 2021-10-12 21:00:58 +00:00			`},`
Add TWCERT/CC CVE-2021-42329 CVE-2021-42330 CVE-2021-42331 CVE-2021-42332 CVE-2021-42333 CVE-2021-42334 CVE-2021-42335 CVE-2021-42336 2021-10-15 20:04:25 +08:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "ShinHer StudyOnline System",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_value": "2021"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "ShinHer Information Co., LTD."`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2021-10-12 21:00:58 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2021-10-15 13:00:59 +00:00			`"value": "The \u201cStudy Edit\u201d function of ShinHer StudyOnline System does not perform permission control. After logging in with user\u2019s privilege, remote attackers can access and edit other users\u2019 tutorial schedule by crafting URL parameters."`
Add TWCERT/CC CVE-2021-42329 CVE-2021-42330 CVE-2021-42331 CVE-2021-42332 CVE-2021-42333 CVE-2021-42334 CVE-2021-42335 CVE-2021-42336 2021-10-15 20:04:25 +08:00			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.4,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "LOW",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-285 Improper Authorization"`
			`}`
			`]`
"-Synchronized-Data." 2021-10-12 21:00:58 +00:00			`}`
			`]`
Add TWCERT/CC CVE-2021-42329 CVE-2021-42330 CVE-2021-42331 CVE-2021-42332 CVE-2021-42333 CVE-2021-42334 CVE-2021-42335 CVE-2021-42336 2021-10-15 20:04:25 +08:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2021-10-15 13:00:59 +00:00			`"refsource": "MISC",`
			`"url": "https://www.twcert.org.tw/tw/cp-132-5201-dc534-1.html",`
			`"name": "https://www.twcert.org.tw/tw/cp-132-5201-dc534-1.html"`
Add TWCERT/CC CVE-2021-42329 CVE-2021-42330 CVE-2021-42331 CVE-2021-42332 CVE-2021-42333 CVE-2021-42334 CVE-2021-42335 CVE-2021-42336 2021-10-15 20:04:25 +08:00			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "Update ShinHer StudyOnline System to version v2021.08.20.01"`
			`}`
			`],`
			`"source": {`
			`"advisory": "TVN-202110003",`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2021-10-12 21:00:58 +00:00			`}`
			`}`