CVE-2021-31410

EPSS 0.28%
Veröffentlicht 23.04.2021 17:15:08
Zuletzt bearbeitet 21.11.2024 06:05:36
Quelle security@vaadin.com
CVE-Watchlists
Login
Unerledigt
Login

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vaadin ≫ Designer Version >= 4.3.0 < 4.6.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.51

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
security@vaadin.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')

The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://vaadin.com/security/cve-2021-31410

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-31410

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-31410

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-31410

EUVD