admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-266xx/CVE-2021-26630.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

161 lines
4.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-26630",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2022-05-19T15:15:07.740",
"lastModified": "2022-06-01T20:02:47.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in HANDY Groupware\u2019s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en el m\u00f3dulo ActiveX de HANDY Groupware permite a atacantes descargar o ejecutar archivos arbitrarios. Esta vulnerabilidad puede ser explotada usando la ruta de descarga o ejecuci\u00f3n de archivos como el valor del par\u00e1metro de la funci\u00f3n vulnerable"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:handysoft:groupware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.4.7",
"matchCriteriaId": "0B3EBC31-FAA9-4C1D-8412-A23517BC6B10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:handysoft:groupware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0.0",
"versionEndExcluding": "2.0.3.7",
"matchCriteriaId": "86BDCB18-DEAE-45AC-9192-84B2050C9AF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:handysoft:groupware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0.0",
"versionEndExcluding": "4.0.1.8",
"matchCriteriaId": "6F44BCC9-9AC7-4D80-9A9E-C0CD24D8C6E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66723",
"source": "vuln@krcert.or.kr",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink