CVE-2021-33577

{"id": "CVE-2021-33577", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-06-18T11:15:08.797", "references": [{"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.cleo.com/cleo-lexicom", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cleo.com/cleo-lexicom", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain."}, {"lang": "es", "value": "Se ha detectado un problema en Cleo LexiCom versi\u00f3n 5.5.0.0. El requisito para que el remitente de un mensaje AS2 se identifique (por medio de la encriptaci\u00f3n y la firma del mensaje) puede ser omitido al cambiar el Content-Type del mensaje a texto plano"}], "lastModified": "2024-11-21T06:09:07.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cleo:lexicom:5.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B8BB630-86C2-4ABE-AAAC-8E9F02897C22"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}