CVE-2021-44439

{"id": "CVE-2021-44439", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-12-14T12:15:11.430", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14908)"}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en JT Utilities (Todas las versiones anteriores a V13.1.1.0), JTTK (Todas las versiones anteriores a V11.1.1.0). La biblioteca JTTK en los productos afectados es vulnerable a una lectura fuera de l\u00edmites m\u00e1s all\u00e1 del final de un b\u00fafer asignado cuando son analizados archivos JT especialmente dise\u00f1ados. Un atacante podr\u00eda aprovechar esta vulnerabilidad para filtrar informaci\u00f3n en el contexto del proceso actual. (ZDI-CAN-14908)"}], "lastModified": "2021-12-14T19:13:27.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:jt_open_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E5FA782-E074-4406-ACA6-788DD24327C7", "versionEndExcluding": "11.1.1.0"}, {"criteria": "cpe:2.3:a:siemens:jt_utilities:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A46E8F39-E213-48F4-8355-E34118668B49", "versionEndExcluding": "13.1.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}