nvd-json-data-feeds/CVE-2021/CVE-2021-441xx/CVE-2021-44160.json

{
  "id": "CVE-2021-44160",
  "sourceIdentifier": "twcert@cert.org.tw",
  "published": "2021-12-29T08:15:06.703",
  "lastModified": "2022-08-09T01:23:43.853",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Carinal Tien Hospital Health Report System\u2019s login page has improper authentication, a remote attacker can acquire another general user\u2019s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user."
    },
    {
      "lang": "es",
      "value": "La p\u00e1gina de inicio de sesi\u00f3n de Carinal Tien Hospital Health Report System presenta una autenticaci\u00f3n inapropiada, un atacante remoto puede adquirir el privilegio de otro usuario general al modificar el par\u00e1metro de la cookie sin autenticaci\u00f3n. El atacante puede entonces llevar a cabo operaciones limitadas en el sistema o modificar los datos, haciendo que el servicio est\u00e9 parcialmente no disponible para el usuario"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "twcert@cert.org.tw",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    },
    {
      "source": "twcert@cert.org.tw",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cth:carinal_tien_hospital_health_report_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89569AAC-76FE-4E90-BAD6-CFB7520741D3"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.twcert.org.tw/tw/cp-132-5429-4185b-1.html",
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}