From 1c0fda527505e334a9fc394c06b338815adbfe2b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 27 May 2021 01:00:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/24xxx/CVE-2020-24421.json | 8 ++++---- 2021/21xxx/CVE-2021-21013.json | 18 +++++++++--------- 2021/21xxx/CVE-2021-21042.json | 16 ++++++++-------- 2021/21xxx/CVE-2021-21082.json | 14 +++++++------- 2021/21xxx/CVE-2021-21085.json | 16 ++++++++-------- 2021/28xxx/CVE-2021-28545.json | 16 ++++++++-------- 6 files changed, 44 insertions(+), 44 deletions(-) diff --git a/2020/24xxx/CVE-2020-24421.json b/2020/24xxx/CVE-2020-24421.json index 204a4058b8c..ee8eca2b2e8 100644 --- a/2020/24xxx/CVE-2020-24421.json +++ b/2020/24xxx/CVE-2020-24421.json @@ -57,15 +57,15 @@ "cvss": { "attackComplexity": "Low", "attackVector": "Local", - "availabilityImpact": "Low", - "baseScore": 3.3, - "baseSeverity": "Low", + "availabilityImpact": "High", + "baseScore": 5.5, + "baseSeverity": "Medium", "confidentialityImpact": "None", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H ", "version": "3.1" } }, diff --git a/2021/21xxx/CVE-2021-21013.json b/2021/21xxx/CVE-2021-21013.json index 5c95edb8739..d3142dd20f2 100644 --- a/2021/21xxx/CVE-2021-21013.json +++ b/2021/21xxx/CVE-2021-21013.json @@ -49,23 +49,23 @@ "description_data": [ { "lang": "eng", - "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account." } ] }, "impact": { "cvss": { - "attackComplexity": "None", - "attackVector": "None", + "attackComplexity": "Low", + "attackVector": "Network", "availabilityImpact": "None", - "baseScore": 7.1, + "baseScore": 8.1, "baseSeverity": "High", - "confidentialityImpact": "None", - "integrityImpact": "None", - "privilegesRequired": "None", - "scope": "None", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", "userInteraction": "None", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N ", "version": "3.1" } }, diff --git a/2021/21xxx/CVE-2021-21042.json b/2021/21xxx/CVE-2021-21042.json index 6269a4fdc89..b36e3cba332 100644 --- a/2021/21xxx/CVE-2021-21042.json +++ b/2021/21xxx/CVE-2021-21042.json @@ -49,23 +49,23 @@ "description_data": [ { "lang": "eng", - "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + "value": "Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] }, "impact": { "cvss": { - "attackComplexity": "None", - "attackVector": "None", + "attackComplexity": "Low", + "attackVector": "Network", "availabilityImpact": "None", - "baseScore": 4, + "baseScore": 4.3, "baseSeverity": "Medium", - "confidentialityImpact": "None", + "confidentialityImpact": "Low", "integrityImpact": "None", "privilegesRequired": "None", - "scope": "None", - "userInteraction": "None", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } }, diff --git a/2021/21xxx/CVE-2021-21082.json b/2021/21xxx/CVE-2021-21082.json index 55f8c595882..782f0aa1202 100644 --- a/2021/21xxx/CVE-2021-21082.json +++ b/2021/21xxx/CVE-2021-21082.json @@ -56,16 +56,16 @@ "impact": { "cvss": { "attackComplexity": "Low", - "attackVector": "Network", - "availabilityImpact": "Low", - "baseScore": 7.5, + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, "baseSeverity": "High", - "confidentialityImpact": "None", - "integrityImpact": "Low", + "confidentialityImpact": "High", + "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", - "userInteraction": "None", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, diff --git a/2021/21xxx/CVE-2021-21085.json b/2021/21xxx/CVE-2021-21085.json index ecee7ec86f0..f4c6afc2e34 100644 --- a/2021/21xxx/CVE-2021-21085.json +++ b/2021/21xxx/CVE-2021-21085.json @@ -49,23 +49,23 @@ "description_data": [ { "lang": "eng", - "value": "Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into the registration form and achieve arbitrary code execution in the context of the admin account." + "value": "Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine." } ] }, "impact": { "cvss": { "attackComplexity": "Low", - "attackVector": "Network", - "availabilityImpact": "Low", - "baseScore": 7.1, + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, "baseSeverity": "High", - "confidentialityImpact": "Low", - "integrityImpact": "Low", + "confidentialityImpact": "High", + "integrityImpact": "High", "privilegesRequired": "None", - "scope": "Changed", + "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, diff --git a/2021/28xxx/CVE-2021-28545.json b/2021/28xxx/CVE-2021-28545.json index 29a6a911e32..54713582ada 100644 --- a/2021/28xxx/CVE-2021-28545.json +++ b/2021/28xxx/CVE-2021-28545.json @@ -49,23 +49,23 @@ "description_data": [ { "lang": "eng", - "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to show arbitrary content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file." + "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without invalidating the original certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file." } ] }, "impact": { "cvss": { - "attackComplexity": "None", - "attackVector": "None", + "attackComplexity": "Low", + "attackVector": "Network", "availabilityImpact": "None", "baseScore": 8.1, "baseSeverity": "High", - "confidentialityImpact": "None", - "integrityImpact": "None", + "confidentialityImpact": "High", + "integrityImpact": "High", "privilegesRequired": "None", - "scope": "None", - "userInteraction": "None", - "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" } },