CVE-2021-27402

{"id": "CVE-2021-27402", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2021-08-13T16:15:07.243", "references": [{"url": "https://www.mitel.com/support/security-advisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0004", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.mitel.com/support/security-advisories", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0004", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal."}, {"lang": "es", "value": "El portal SAS Admin de Mitel MiCollab versiones anteriores a 9.2 FP2, podr\u00eda permitir a un atacante no autenticado acceder (visualizar y modificar) los datos de los usuarios inyectando rutas de directorio arbitrarias debido a una comprobaci\u00f3n inapropiada de la URL, tambi\u00e9n se conoce como Salto de Directorio."}], "lastModified": "2024-11-21T05:57:55.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "200AECAB-6B5A-4881-852F-F9ABFB241E3C", "versionEndExcluding": "9.2"}, {"criteria": "cpe:2.3:a:mitel:micollab:9.2:-:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "7F557ADB-202D-4A6C-869E-38629240CC9F"}, {"criteria": "cpe:2.3:a:mitel:micollab:9.2:fp1:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "61A8FD1A-8F20-47CE-80E1-5E59B70507A8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}