admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-315xx/CVE-2021-31559.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

141 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-31559",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2022-05-06T17:15:08.517",
"lastModified": "2022-10-25T16:42:38.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders."
},
{
"lang": "es",
"value": "Una petici\u00f3n dise\u00f1ada omite la autenticaci\u00f3n S2S TCP Token escribiendo eventos arbitrarios en un \u00edndice en Splunk Enterprise Indexer versiones 8.1 anteriores a 8.1.5 y versiones 8.2 anteriores a 8.2.1. La vulnerabilidad afecta a los Indexadores configurados para usar TCPTokens. No afecta a los reenviadores universales"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@splunk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "prodsec@splunk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.5",
"matchCriteriaId": "69FE383C-7E7F-4119-B0B8-7A9F8A5AE0C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk:8.2.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6EA32AA1-B70F-44B4-964C-6F25FC885104"
}
]
}
]
}
],
"references": [
{
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html",
"source": "prodsec@splunk.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink