10

CVE-2021-37270

EPSS 0.26%
Veröffentlicht 27.09.2021 21:15:07
Zuletzt bearbeitet 21.11.2024 06:14:55
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

S-cms ≫ Cms Enterprise Website Construction System Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.467

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/purple-WL/S-cms-Unauthorized

Third Party Advisory

https://www.cnvd.org.cn/flaw/show/2815129

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-37270

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-37270

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-37270

EUVD