CVE-2021-31868

EPSS 0.12%
Veröffentlicht 19.08.2021 16:15:12
Zuletzt bearbeitet 21.11.2024 06:06:23
Quelle cve@rapid7.com
CVE-Watchlists
Login
Unerledigt
Login

Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rapid7 ≫ Nexpose Version < 6.6.96

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.311

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N
cve@rapid7.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://docs.rapid7.com/release-notes/nexpose/20210804/

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-31868

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-31868

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-31868

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-31868