CVE-2021-21982

{"id": "CVE-2021-21982", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2021-04-01T19:15:13.560", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2021-0005.html", "tags": ["Patch", "Vendor Advisory"], "source": "security@vmware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings."}, {"lang": "es", "value": "El dispositivo VMware Carbon Black Cloud Workload versiones 1.0.0 y 1.01, tiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n que puede permitir que un actor malicioso con acceso a la red para la interfaz administrativa del dispositivo VMware Carbon Black Cloud Workload obtenga un token de autenticaci\u00f3n v\u00e1lido. Una explotaci\u00f3n con \u00e9xito de este problema dar\u00eda como resultado que el atacante pudiera visualizar y modificar la configuraci\u00f3n administrativa."}], "lastModified": "2021-04-06T16:29:30.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:carbon_black_cloud_workload:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAAD90C5-9B4C-47B0-A43D-72AF6E8A9901", "versionEndIncluding": "1.0.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@vmware.com"}