nvd-json-data-feeds/CVE-2021/CVE-2021-256xx/CVE-2021-25648.json

{
  "id": "CVE-2021-25648",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-02-16T15:15:13.587",
  "lastModified": "2021-02-23T12:59:24.800",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Mobile application \"Testes de Codigo\" 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters \"isAdmin\" and \"isPremium\" located on device storage."
    },
    {
      "lang": "es",
      "value": "La aplicaci\u00f3n movil \"Testes de Codigo\" versiones 11.4 y anteriores, permite a un atacante conseguir acceso a la interfaz administrativa y las funcionalidades premium al alterar el valor booleano de los par\u00e1metros \"isAdmin\" e \"isPremium\" ubicados en el almacenamiento del dispositivo"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:testes-codigo:testes_de_codigo:*:*:*:*:*:android:*:*",
              "versionEndIncluding": "11.4",
              "matchCriteriaId": "706D1B98-0971-4FF6-BBC1-98430941EEAB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:testes-codigo:testes_de_codigo:*:*:*:*:*:iphone_os:*:*",
              "versionEndIncluding": "11.4",
              "matchCriteriaId": "74ACB733-28D4-40C2-9752-8A6638D0F972"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://vrls.ws/posts/2021/02/cve-2021-25648-mobile-application-testes-de-codigo-privilege-escalation/",
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ]
    }
  ]
}