CVE-2021-36216 - Vulnerability Details

Vendors	Products
Linecorp	Line

Link	Providers
https://hackerone.com/reports/950688

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "LINE for Windows", "vendor": "LINE Corporation", "versions": [{"status": "affected", "version": "<="}]}], "descriptions": [{"lang": "en", "value": "LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-08T17:50:44", "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "shortName": "LINE"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/950688"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "dl_cve@linecorp.com", "ID": "CVE-2021-36216", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LINE for Windows", "version": {"version_data": [{"version_affected": "6.2.1.2289", "version_value": "<="}]}}]}, "vendor_name": "LINE Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-427"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/950688", "refsource": "MISC", "url": "https://hackerone.com/reports/950688"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:54:50.701Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/950688"}]}]}, "cveMetadata": {"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "assignerShortName": "LINE", "cveId": "CVE-2021-36216", "datePublished": "2021-09-08T17:50:44", "dateReserved": "2021-07-07T00:00:00", "dateUpdated": "2024-08-04T00:54:50.701Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : LINE for Windows (string)

vendor : LINE Corporation (string)

versions : [ »

0 : { »

status : affected (string)

version : <= (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-427 (string)

description : CWE-427 (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-09-08T17:50:44 (string)

orgId : 657f3255-0560-4aed-82e4-7f579ec6acfb (string)

shortName : LINE (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://hackerone.com/reports/950688 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : dl_cve@linecorp.com (string)

ID : CVE-2021-36216 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : LINE for Windows (string)

version : { »

version_data : [ »

0 : { »

version_affected : 6.2.1.2289 (string)

version_value : <= (string)

}

]

}

]

}

vendor_name : LINE Corporation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-427 (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://hackerone.com/reports/950688 (string)

refsource : MISC (string)

url : https://hackerone.com/reports/950688 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T00:54:50.701Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://hackerone.com/reports/950688 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 657f3255-0560-4aed-82e4-7f579ec6acfb (string)

assignerShortName : LINE (string)

cveId : CVE-2021-36216 (string)

datePublished : 2021-09-08T17:50:44 (string)

dateReserved : 2021-07-07T00:00:00 (string)

dateUpdated : 2024-08-04T00:54:50.701Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linecorp:line:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6AB39276-B410-4A15-9544-F86B3E03FCB7", "versionEndIncluding": "6.2.1.2289", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection."}, {"lang": "es", "value": "LINE para Windows versi\u00f3n 6.2.1.2289 y anteriores, permite una ejecuci\u00f3n de c\u00f3digo arbitrario por medio de una inyecci\u00f3n de DLL maliciosa"}], "id": "CVE-2021-36216", "lastModified": "2024-11-21T06:13:19.947", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-08T18:15:19.557", "references": [{"source": "dl_cve@linecorp.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/950688"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/950688"}], "sourceIdentifier": "dl_cve@linecorp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "dl_cve@linecorp.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:linecorp:line:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : 6AB39276-B410-4A15-9544-F86B3E03FCB7 (string)

versionEndIncluding : 6.2.1.2289 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection. (string)

}

1 : { »

lang : es (string)

value : LINE para Windows versión 6.2.1.2289 y anteriores, permite una ejecución de código arbitrario por medio de una inyección de DLL maliciosa (string)

}

]

id : CVE-2021-36216 (string)

lastModified : 2024-11-21T06:13:19.947 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-09-08T18:15:19.557 (string)

references : [ »

0 : { »

source : dl_cve@linecorp.com (string)

tags : [ »

0 : Permissions Required (string)

]

url : https://hackerone.com/reports/950688 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Permissions Required (string)

]

url : https://hackerone.com/reports/950688 (string)

}

]

sourceIdentifier : dl_cve@linecorp.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-427 (string)

}

]

source : dl_cve@linecorp.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-427 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object