{
"id": "CVE-2021-36982",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-08-12T18:15:10.337",
"lastModified": "2021-08-24T15:55:55.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request."
},
{
"lang": "es",
"value": "AIMANAGER versiones anteriores a B115 en los dispositivos MONITORAPP Application Insight Web Application Firewall (AIWAF) con Manager versi\u00f3n 2.1.0, permite la inyecci\u00f3n de comandos en el Sistema Operativo debido a una falta de comprobaci\u00f3n de entrada en uno de los par\u00e1metros de una petici\u00f3n HTTP"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monitorapp:application_insight_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "b107",
"versionEndExcluding": "b115",
"matchCriteriaId": "E9E2CA11-04CA-43E3-BBC2-46A2DAD8ED3F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:monitorapp:application_insight_web_application_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AC475F-FDAF-442D-A441-EEF883CF1142"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0022/FEYE-2021-0022.md",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/monitorapp-aicc/report/wiki/CVE-2021-36982",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.monitorapp.com/waf/",
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
]
}
]
}