CVE-2021-33576

{"id": "CVE-2021-33576", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-06-18T11:15:08.760", "references": [{"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.cleo.com/cleo-lexicom", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cleo.com/cleo-lexicom", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk."}, {"lang": "es", "value": "Se ha detectado un problema en Cleo LexiCom versi\u00f3n 5.5.0.0. Dentro del mensaje AS2, el remitente puede especificar un nombre de archivo. Este nombre de archivo puede incluir caracteres de salto de ruta, permitiendo que el archivo sea escrito en una ubicaci\u00f3n arbitraria del disco"}], "lastModified": "2024-11-21T06:09:07.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cleo:lexicom:5.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B8BB630-86C2-4ABE-AAAC-8E9F02897C22"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}