CVE-2021-38910

{"id": "CVE-2021-38910", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-03-10T20:15:08.200", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209824", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6562347", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824."}, {"lang": "es", "value": "IBM DataPower Gateway versiones V10CD, 10.0.1 y 2108.4.1, podr\u00eda permitir a un atacante remoto omitir las restricciones de seguridad, causado por una comprobaci\u00f3n incorrecta de la entrada. Al enviar un mensaje JSON especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para modificar la estructura y los campos. IBM X-Force ID: 209824"}], "lastModified": "2022-03-18T17:54:53.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C242C00-2B08-4D30-8353-BC6EFF4C08BC", "versionEndIncluding": "10.0.1.5", "versionStartIncluding": "10.0.1.0"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99FA702F-1D35-4553-BBE3-A94BE958641F", "versionEndIncluding": "2018.4.1.18", "versionStartIncluding": "2018.4.1.0"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:10.0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12B6C926-133E-42AF-8FB9-4B23C3EBAF27"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:10.0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B44C41B-CBDA-4000-9602-07D279BDEB03"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}