admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-215xx/CVE-2021-21517.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

144 lines
4.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-21517",
"sourceIdentifier": "security_alert@emc.com",
"published": "2021-03-01T21:15:14.350",
"lastModified": "2021-03-08T18:10:29.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service."
},
{
"lang": "es",
"value": "SRS Policy Manager versiones 6.X, est\u00e1 afectado por una vulnerabilidad de Inyecci\u00f3n de XML External Entity (XXE) debido a un analizador XML configurado inapropiadamente que procesa una entrada DTD proporcionada por el usuario sin una suficiente comprobaci\u00f3n. Un atacante remoto no autenticado puede explotar esta vulnerabilidad para leer archivos de sistema como un usuario no root y puede ser capaz de interrumpir temporalmente el servicio ESRS"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:emc_srs_policy_manager:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "543F5FCD-47FD-4F6E-A260-551C02331ED5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:emc_srs_policy_manager:6.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E937A556-06B5-4C73-9218-1CC88A18CDAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:emc_srs_policy_manager:6.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A03C721-72B7-4353-9645-08AC4F7907C5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000183576/dsa-2021-045-dell-emc-srs-policy-manager-security-update-for-external-entity-injection-vulnerability",
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink