CVE-2020-24641

{"id": "CVE-2020-24641", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-01-15T19:15:13.703", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}, {"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface."}, {"lang": "es", "value": "En Aruba AirWave Glass versiones anteriores a 1.3.3, Se presenta una vulnerabilidad de tipo Server-Side Request Forgery por medio de un endpoint no autenticado que, si se explotaba con \u00e9xito, puede resultar en una divulgaci\u00f3n de informaci\u00f3n confidencial. Esto puede ser usado para llevar a cabo una omisi\u00f3n de autenticaci\u00f3n y, en \u00faltima instancia, conseguir acceso administrativo en la interfaz web administrativa"}], "lastModified": "2024-11-21T05:15:19.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:airwave_glass:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5440D98-25CE-48A1-8481-155B6C0CEBB0", "versionEndExcluding": "1.3.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}