CVE-2021-21733

{"id": "CVE-2021-21733", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2021-05-19T12:15:07.867", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015304", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}, {"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015304", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02."}, {"lang": "es", "value": "El sistema de administraci\u00f3n de ZXCDN est\u00e1 impactado por una vulnerabilidad de filtraci\u00f3n de informaci\u00f3n. Unos atacantes pueden realizar un an\u00e1lisis m\u00e1s detallado de acuerdo con la informaci\u00f3n devuelta por el programa y luego conseguir informaci\u00f3n confidencial. Esto afecta a ZXCDN V7.01 todas las versiones hasta IAMV7.01.01.02"}], "lastModified": "2024-11-21T05:48:54.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zte:zxcdn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "695B72B3-EA4A-4392-B52E-0235A27A5030", "versionEndExcluding": "iamv7.01.02.02", "versionStartIncluding": "7.01"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@zte.com.cn"}