CVE-2021-22860

{"id": "CVE-2021-22860", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-03-17T09:15:12.670", "references": [{"url": "https://gist.github.com/tonykuo76/17d497b3472a80a5e8914227e81e6fa3", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.chtsecurity.com/news/12929036-924b-4b89-8a0e-3e7155e19011", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-4518-c813c-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users\u2019 credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends."}, {"lang": "es", "value": "El sistema de e-document de EIC, no lleva a cabo una comprobaci\u00f3n de identidad completa para clasificar y filtrar los datos del personal. La vulnerabilidad permite a un atacante remoto obtener la informaci\u00f3n de las credenciales de los usuarios sin iniciar sesi\u00f3n en el sistema, y ??adem\u00e1s adquirir los permisos privilegiados y ejecutar recomendaciones arbitrarias"}], "lastModified": "2021-03-23T15:35:19.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eic:e-document_system:2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF2502A7-E3EE-4332-BE44-8D96B74661C7"}, {"criteria": "cpe:2.3:a:eic:e-document_system:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D6184C-8C14-4FC0-8995-8E23CA91A53A"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}