admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-224xx/CVE-2021-22498.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

153 lines
5.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-22498",
"sourceIdentifier": "security@microfocus.com",
"published": "2021-01-19T16:15:13.250",
"lastModified": "2021-01-29T16:12:04.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection."
},
{
"lang": "es",
"value": "Vulnerabilidad de Inyecci\u00f3n de Entidad Externa XML en el producto Micro Focus Application Lifecycle Management (anteriormente se conoce como Quality Center). La vulnerabilidad afecta a las versiones 12.x, 12.60 Parche 5 y anteriores, 15.0.1 Parche 2 y anteriores y 15.5. La vulnerabilidad podr\u00eda ser explotada para permitir una Inyecci\u00f3n de Entidad Externa XML"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.50",
"versionEndIncluding": "12.60",
"matchCriteriaId": "04E989E6-96B6-431F-A68E-44C3DC4CCC31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0.0",
"versionEndIncluding": "15.0.1",
"matchCriteriaId": "8C2AA512-D7E4-4ABF-B495-542D4EB856C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch1:*:*:*:*:*:*",
"matchCriteriaId": "7424FAB0-201A-4908-8826-245DA119C5F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch2:*:*:*:*:*:*",
"matchCriteriaId": "48260409-EAC4-4294-A665-76F5D97F74BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch3:*:*:*:*:*:*",
"matchCriteriaId": "2D261545-AB84-4C3D-8EDB-9986B5B5C252"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch4:*:*:*:*:*:*",
"matchCriteriaId": "E49D67E6-5499-4653-B945-C17DE52ADD2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch5:*:*:*:*:*:*",
"matchCriteriaId": "E19D3008-08D5-4E5F-9F67-99E917EDE855"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:15.0.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "B90BEA78-299C-4AE2-ABE7-D499F05C4E8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:15.0.1:patch2:*:*:*:*:*:*",
"matchCriteriaId": "41910128-1873-40CB-9875-48940AC95AD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B5A87A-BE3D-4041-A971-8DF3A32D578A"
}
]
}
]
}
],
"references": [
{
"url": "https://softwaresupport.softwaregrp.com/doc/KM03771781",
"source": "security@microfocus.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink