admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-228xx/CVE-2021-22860.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

143 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-22860",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2021-03-17T09:15:12.670",
"lastModified": "2021-03-23T15:35:19.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users\u2019 credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends."
},
{
"lang": "es",
"value": "El sistema de e-document de EIC, no lleva a cabo una comprobaci\u00f3n de identidad completa para clasificar y filtrar los datos del personal. La vulnerabilidad permite a un atacante remoto obtener la informaci\u00f3n de las credenciales de los usuarios sin iniciar sesi\u00f3n en el sistema, y ??adem\u00e1s adquirir los permisos privilegiados y ejecutar recomendaciones arbitrarias"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eic:e-document_system:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CF2502A7-E3EE-4332-BE44-8D96B74661C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eic:e-document_system:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "36D6184C-8C14-4FC0-8995-8E23CA91A53A"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/tonykuo76/17d497b3472a80a5e8914227e81e6fa3",
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.chtsecurity.com/news/12929036-924b-4b89-8a0e-3e7155e19011",
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.twcert.org.tw/tw/cp-132-4518-c813c-1.html",
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink