admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-221xx/CVE-2021-22158.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

120 lines
3.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-22158",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-04-06T21:15:14.397",
"lastModified": "2021-04-12T19:21:49.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected."
},
{
"lang": "es",
"value": "El Servidor Proofpoint Insider Threat Management (anteriormente ObserveIT Server) es vulnerable a una XML external entity (XXE) en la consola web. La vulnerabilidad requiere privilegios de usuario administrador y conocimiento de la clave de cifrado del archivo XML para una explotaci\u00f3n con \u00e9xito. Todas las versiones anteriores a 7.11 est\u00e1n afectadas"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.9.0",
"versionEndExcluding": "7.9.3",
"matchCriteriaId": "49735308-48A4-4ED9-A146-B0EEA9261271"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.10.0",
"versionEndExcluding": "7.10.3",
"matchCriteriaId": "8BB71780-DB7A-499B-B926-7991841A7A17"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.11.0",
"versionEndExcluding": "7.11.1",
"matchCriteriaId": "576B99C8-93B5-43E5-BEFD-5225FB5FA2EE"
}
]
}
]
}
],
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0003",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink