CVE-2021-32972

{"id": "CVE-2021-32972", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2021-07-09T11:15:08.630", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software."}, {"lang": "es", "value": "Panasonic FPWIN Pro, todas las versiones 7.5.1.1 y anteriores, permite a un atacante dise\u00f1ar un archivo de proyecto especificando un URI que causa al analizador XML acceder al URI e insertar el contenido, lo que puede permitir al atacante divulgar informaci\u00f3n que es accesible en el contexto del usuario que ejecuta el software"}], "lastModified": "2024-11-21T06:08:02.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:panasonic:fpwin_pro:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06D9D943-579D-4E4B-A121-E4814F31F8A0", "versionEndIncluding": "7.5.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}