Lucene search

[email protected]NVD:CVE-2021-28174

HistoryApr 08, 2021 - 4:15 a.m.

CVE-2021-28174

2021-04-0804:15:14

CWE-287

[email protected]

web.nvd.nist.gov

mitake smart stock selection

broken authentication

remote attackers

transaction record

fraudulent trading

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.002

Percentile

52.5%

JSON

Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain the privileged permissions to access transaction record, and fraudulent trading without login.

Affected configurations

Nvd

Node

mitakesmart_stock_selectionRange≤2020-06-23

VendorProductVersionCPE
mitakesmart_stock_selection*cpe:2.3:a:mitake:smart_stock_selection:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mitake	smart_stock_selection	*	cpe:2.3:a:mitake:smart_stock_selection::::::::

References

www.twcert.org.tw/tw/cp-132-4625-4ccc6-1.html

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.002

Percentile

52.5%

JSON

Related for NVD:CVE-2021-28174

prion1 cvelist1 cve1