CVE-2021-26705

{"id": "CVE-2021-26705", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2021-03-05T19:15:14.577", "references": [{"url": "https://www.exploit-db.com/exploits/49621", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/49621", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke administrative tasks within the application, such as disclosing password hashes."}, {"lang": "es", "value": "Se detect\u00f3 un problema en SquareBox CatDV Server versiones hasta 9.2. Un atacante puede invocar m\u00e9todos RMI sensibles como getConnections sin autenticaci\u00f3n, cuyos resultados pueden ser usados para generar tokens de autenticaci\u00f3n v\u00e1lidos. Estos tokens pueden ser usados para invocar tareas administrativas dentro de la aplicaci\u00f3n, como divulgar el hash de contrase\u00f1as"}], "lastModified": "2024-11-21T05:56:42.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:squarebox:catdv:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FAB3AFC-3794-49A9-A932-4852A32E633E", "versionEndIncluding": "9.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}