CVE-2021-35037

{"id": "CVE-2021-35037", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2021-07-12T11:15:08.193", "references": [{"url": "https://www.jamf.com/jamf-nation/discussions/39219/jamf-pro-10-30-1-security-upgrade", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may be malicious. This is tracked via Jamf with the following ID: PI-009822"}, {"lang": "es", "value": "Jamf Pro versiones anteriores a 10.30.1, permite una vulnerabilidad de redireccionamiento de URL no validada, afectando a los clientes de Jamf Pro que alojan sus entornos en las instalaciones. Un atacante puede dise\u00f1ar una URL que parece ser para la instancia de Jamf Pro de un cliente, pero cuando se hace clic en ella redirige al usuario a una URL arbitraria que puede ser maliciosa. Esto es rastreado por medio de Jamf con el siguiente ID: PI-009822"}], "lastModified": "2021-07-22T13:02:48.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jamf:jamf:*:*:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "27EB426D-0066-46D8-ADBC-E99BB14BDEE8", "versionEndExcluding": "10.30.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}