9.8

CVE-2021-33318

Exploit

EPSS 0.74%
Veröffentlicht 16.05.2022 16:15:07
Zuletzt bearbeitet 21.11.2024 06:08:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ipmatcher Project ≫ Ipmatcher Version <= 1.0.4.1

Watsonwebserver Project ≫ Watsonwebserver Version <= 4.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.74%	0.722

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

https://github.com/jchristn/IpMatcher

Third Party Advisory

https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89

Patch

Third Party Advisory

https://github.com/jchristn/WatsonWebserver

Third Party Advisory

https://github.com/kaoudis/advisories/blob/main/0-2021.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-33318

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-33318

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-33318

EUVD