CVE-2021-41302 - Vulnerability Details

Vendors	Products
Ecoa	Ecs Router Controller-ecs Ecs Router Controller-ecs Firmware Riskbuster Riskbuster Firmware Riskterminator

Link	Providers
https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "ECS Router Controller ECS (FLASH)", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}, {"product": "RiskBuster Terminator E6L45", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}, {"product": "RiskBuster System RB 3.0.0", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}, {"product": "RiskBuster System TRANE 1.0", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}, {"product": "Graphic Control Software", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}, {"product": "SmartHome II E9246", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}, {"product": "RiskTerminator", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}], "datePublic": "2021-09-30T00:00:00", "descriptions": [{"lang": "en", "value": "ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user\u2019s privilege."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-311", "description": "CWE-311 Missing Encryption of Sensitive Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-30T10:41:08", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html"}], "solutions": [{"lang": "en", "value": "Contact tech support from ECOA."}], "source": {"advisory": "TVN-202109018", "discovery": "EXTERNAL"}, "title": "ECOA BAS controller - Missing Encryption of Sensitive Data", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2021-09-30T10:13:00.000Z", "ID": "CVE-2021-41302", "STATE": "PUBLIC", "TITLE": "ECOA BAS controller - Missing Encryption of Sensitive Data"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ECS Router Controller ECS (FLASH)", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}, {"product_name": "RiskBuster Terminator E6L45", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}, {"product_name": "RiskBuster System RB 3.0.0", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}, {"product_name": "RiskBuster System TRANE 1.0", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}, {"product_name": "Graphic Control Software", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}, {"product_name": "SmartHome II E9246", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}, {"product_name": "RiskTerminator", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}]}, "vendor_name": "ECOA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user\u2019s privilege."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-311 Missing Encryption of Sensitive Data"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html"}]}, "solution": [{"lang": "en", "value": "Contact tech support from ECOA."}], "source": {"advisory": "TVN-202109018", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:08:32.040Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2021-41302", "datePublished": "2021-09-30T10:41:08.156249Z", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-09-16T20:21:36.719Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : ECS Router Controller ECS (FLASH) (string)

vendor : ECOA (string)

versions : [ »

0 : { »

lessThan : unspecified (string)

status : unknown (string)

version : next of 0 (string)

versionType : custom (string)

}

]

}

1 : { »

product : RiskBuster Terminator E6L45 (string)

vendor : ECOA (string)

versions : [ »

0 : { »

lessThan : unspecified (string)

status : unknown (string)

version : next of 0 (string)

versionType : custom (string)

}

]

}

2 : { »

product : RiskBuster System RB 3.0.0 (string)

vendor : ECOA (string)

versions : [ »

0 : { »

lessThan : unspecified (string)

status : unknown (string)

version : next of 0 (string)

versionType : custom (string)

}

]

}

3 : { »

product : RiskBuster System TRANE 1.0 (string)

vendor : ECOA (string)

versions : [ »

0 : { »

lessThan : unspecified (string)

status : unknown (string)

version : next of 0 (string)

versionType : custom (string)

}

]

}

4 : { »

product : Graphic Control Software (string)

vendor : ECOA (string)

versions : [ »

0 : { »

lessThan : unspecified (string)

status : unknown (string)

version : next of 0 (string)

versionType : custom (string)

}

]

}

5 : { »

product : SmartHome II E9246 (string)

vendor : ECOA (string)

versions : [ »

0 : { »

lessThan : unspecified (string)

status : unknown (string)

version : next of 0 (string)

versionType : custom (string)

}

]

}

6 : { »

product : RiskTerminator (string)

vendor : ECOA (string)

versions : [ »

0 : { »

lessThan : unspecified (string)

status : unknown (string)

version : next of 0 (string)

versionType : custom (string)

}

]

}

]

datePublic : 2021-09-30T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 7.3 (number)

baseSeverity : HIGH (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-311 (string)

description : CWE-311 Missing Encryption of Sensitive Data (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-09-30T10:41:08 (string)

orgId : cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e (string)

shortName : twcert (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Contact tech support from ECOA. (string)

}

]

source : { »

advisory : TVN-202109018 (string)

discovery : EXTERNAL (string)

}

title : ECOA BAS controller - Missing Encryption of Sensitive Data (string)

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

AKA : TWCERT/CC (string)

ASSIGNER : cve@cert.org.tw (string)

DATE_PUBLIC : 2021-09-30T10:13:00.000Z (string)

ID : CVE-2021-41302 (string)

STATE : PUBLIC (string)

TITLE : ECOA BAS controller - Missing Encryption of Sensitive Data (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : ECS Router Controller ECS (FLASH) (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?> (string)

version_value : 0 (string)

}

]

}

1 : { »

product_name : RiskBuster Terminator E6L45 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?> (string)

version_value : 0 (string)

}

]

}

2 : { »

product_name : RiskBuster System RB 3.0.0 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?> (string)

version_value : 0 (string)

}

]

}

3 : { »

product_name : RiskBuster System TRANE 1.0 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?> (string)

version_value : 0 (string)

}

]

}

4 : { »

product_name : Graphic Control Software (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?> (string)

version_value : 0 (string)

}

]

}

5 : { »

product_name : SmartHome II E9246 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?> (string)

version_value : 0 (string)

}

]

}

6 : { »

product_name : RiskTerminator (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?> (string)

version_value : 0 (string)

}

]

}

]

}

vendor_name : ECOA (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege. (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 7.3 (number)

baseSeverity : HIGH (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-311 Missing Encryption of Sensitive Data (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html (string)

refsource : MISC (string)

url : https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html (string)

}

]

}

solution : [ »

0 : { »

lang : en (string)

value : Contact tech support from ECOA. (string)

}

]

source : { »

advisory : TVN-202109018 (string)

discovery : EXTERNAL (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T03:08:32.040Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e (string)

assignerShortName : twcert (string)

cveId : CVE-2021-41302 (string)

datePublished : 2021-09-30T10:41:08.156249Z (string)

dateReserved : 2021-09-15T00:00:00 (string)

dateUpdated : 2024-09-16T20:21:36.719Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E80292D1-E3AD-42B6-A63E-3546010B97A3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ecoa:ecs_router_controller-ecs:-:*:*:*:*:*:*:*", "matchCriteriaId": "541B6C82-F00E-4BFC-9947-A55B2F4EDD06", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ecoa:riskbuster_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "19A28430-AB2B-423F-82D4-FC0E3A6DF335", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ecoa:riskbuster:-:*:*:*:*:*:*:*", "matchCriteriaId": "58A6F2A4-A7DA-4A88-B572-917FFC80ADC1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:*", "matchCriteriaId": "841DF575-8E63-4AB4-A6F9-77C28FC65BCE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user\u2019s privilege."}, {"lang": "es", "value": "El controlador ECOA BAS almacena datos confidenciales (exportaciones de copias de seguridad) en texto sin cifrar, por lo que un atacante no autenticado puede consultar remotamente la contrase\u00f1a del usuario y alcanzar sus privilegios"}], "id": "CVE-2021-41302", "lastModified": "2024-11-21T06:26:00.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2021-09-30T11:15:08.033", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "twcert@cert.org.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E80292D1-E3AD-42B6-A63E-3546010B97A3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:ecoa:ecs_router_controller-ecs:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 541B6C82-F00E-4BFC-9947-A55B2F4EDD06 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:ecoa:riskbuster_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 19A28430-AB2B-423F-82D4-FC0E3A6DF335 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:ecoa:riskbuster:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 58A6F2A4-A7DA-4A88-B572-917FFC80ADC1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 841DF575-8E63-4AB4-A6F9-77C28FC65BCE (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege. (string)

}

1 : { »

lang : es (string)

value : El controlador ECOA BAS almacena datos confidenciales (exportaciones de copias de seguridad) en texto sin cifrar, por lo que un atacante no autenticado puede consultar remotamente la contraseña del usuario y alcanzar sus privilegios (string)

}

]

id : CVE-2021-41302 (string)

lastModified : 2024-11-21T06:26:00.130 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 7.3 (number)

baseSeverity : HIGH (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.4 (number)

source : twcert@cert.org.tw (string)

type : Secondary (string)

}

]

}

published : 2021-09-30T11:15:08.033 (string)

references : [ »

0 : { »

source : twcert@cert.org.tw (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html (string)

}

]

sourceIdentifier : twcert@cert.org.tw (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-311 (string)

}

]

source : twcert@cert.org.tw (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-312 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object