nvd-json-data-feeds/CVE-2021/CVE-2021-224xx/CVE-2021-22410.json

{
  "id": "CVE-2021-22410",
  "sourceIdentifier": "psirt@huawei.com",
  "published": "2021-11-23T15:15:07.310",
  "lastModified": "2021-11-24T21:43:48.867",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de inyecci\u00f3n de tipo XSS en iMaster NCE-Fabric versi\u00f3n V100R019C10. Un m\u00f3dulo del cliente no verifica suficientemente la entrada. Los atacantes pueden explotar esta vulnerabilidad al modificar la entrada despu\u00e9s de iniciar la sesi\u00f3n en el cliente. Esto puede comprometer el servicio normal del cliente"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.5
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:huawei:imaster_nce-fabric_firmware:v100r019c10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB199AC9-7CD6-49E5-A4B6-13C3C30CE21D"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:huawei:imaster_nce-fabric:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B2A6-6C41-48C2-8194-377D726DA674"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-xss-en",
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}