admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-357xx/CVE-2020-35741.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

153 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-35741",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2020-12-31T08:15:13.660",
"lastModified": "2021-01-08T13:10:26.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks."
},
{
"lang": "es",
"value": "HGiga MailSherlock no comprueba los par\u00e1metros de usuario en m\u00faltiples p\u00e1ginas de inicio de sesi\u00f3n. Unos atacantes pueden usar la vulnerabilidad para inyectar la sintaxis de JavaScript para ataques de tipo XSS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hgiga:msr45_isherlock-antispam:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5-133",
"matchCriteriaId": "2E5B5E25-BC65-49E2-9865-9BC9A4DE98F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hgiga:msr45_isherlock-user:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5-120",
"matchCriteriaId": "F203F7FA-9E30-49AD-956C-5E893B1264A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hgiga:ssr45_isherlock-antispam:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5-133",
"matchCriteriaId": "DAAA3F24-7821-4F5A-A64E-EEA30B269DD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hgiga:ssr45_isherlock-user:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5-120",
"matchCriteriaId": "BE0FEDEB-2C43-4C45-800A-9323146DC214"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html",
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink